What should you consider if you have been breached?

The number of people who just pay up is incredibly high. What would you do?

71 percent of small businesses have been hit by ransomware attacks.
Small businesses have enough to worry about in their day-to-day operations, from backfilling staff to significant cost-of-living pressures. One more worry to add to the list is that their staff are often the target of scams or online threats, because they are the easiest to penetrate.

How do you know if you are being attacked?

These are the classic Indicators of Compromise (IOCs) that should be monitored:

  • Abnormal network traffic
  • Mismatched port and application traffic
  • Non-conforming endpoints
  • Access requests to files that hold sensitive data, PII or IP
  • Outbound web traffic outside of the norm
  • Abnormal user activity talking to critical services
  • Spike in database and file store read volumes
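
Two of the indicators listed above, mismatched port and application traffic and a spike in file store read volumes, checked over sample data. This is an added example, not part of the original article; the port-to-protocol mapping, the flow and read-count records, and the threshold of three standard deviations are constructed assumptions.

```python
from statistics import mean, pstdev

# Assumed mapping of well-known ports to the application protocol expected on them.
EXPECTED_APP = {22: "ssh", 53: "dns", 80: "http", 443: "tls", 3306: "mysql"}

# Constructed flow records: (source host, destination port, protocol seen by inspection).
FLOWS = [
    ("10.0.0.5", 443, "tls"),
    ("10.0.0.5", 53, "dns"),
    ("10.0.0.9", 53, "tls"),     # TLS on the DNS port
    ("10.0.0.7", 443, "ssh"),    # SSH on the HTTPS port
    ("10.0.0.7", 8080, "http"),  # port not in the mapping, so it is not judged
]

# Constructed daily file-store read counts per account, oldest first; last value is today.
READS = {
    "alice": [120, 135, 110, 128, 131, 125, 119],
    "bob": [40, 38, 45, 41, 39, 44, 910],
    "svc-backup": [5000, 5100, 4950, 5050, 5020, 4980, 5075],
}

def mismatched_flows(flows, expected=EXPECTED_APP):
    """Return flows whose identified protocol differs from the one expected on that port."""
    return [f for f in flows if f[1] in expected and f[2] != expected[f[1]]]

def read_spikes(reads, threshold=3.0, min_history=5):
    """Return {account: z-score} where today's reads exceed the account's own baseline."""
    spikes = {}
    for account, counts in reads.items():
        history, today = counts[:-1], counts[-1]
        if len(history) < min_history:
            continue  # too little history to form a baseline
        mu = mean(history)
        sigma = max(pstdev(history), 1.0)  # floor so a flat baseline cannot divide by zero
        z = (today - mu) / sigma
        if z > threshold:
            spikes[account] = round(z, 1)
    return spikes

if __name__ == "__main__":
    for src, port, app in mismatched_flows(FLOWS):
        print(f"port/application mismatch: {src} sent {app} to port {port}")
    for account, z in read_spikes(READS).items():
        print(f"read-volume spike: {account} is {z} standard deviations above baseline")
```

Each account is compared with its own history, so the high-volume backup account is not flagged while the normally quiet account is.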

What do bad actors do once they have breached your defences and obtained access to your network?

It’s believed that bad actors all follow a similar process:

  • Intruder selects a target, researches it, and attempts to identify vulnerabilities,
  • Intruder creates an access tool, tailored to one or more vulnerabilities,
  • Intruder transmits the weapon to their target/s,
  • Intruder’s weapon code triggers, taking action to exploit the vulnerability,
  • Intruder’s weapon installs an access point for remote access by the intruder,
  • Intruder now accesses the various target sources, and then
  • Intruder acts to exfiltrate data, destroy data, or encrypt it for ransom.

So how should you prepare?

There are practical steps that can help a business of any size to reduce their exposure and avoid costly investments.

The first step is to map out:

  • What you have
  • What your risks are
  • How ready you would be should the worst happen

We developed a checklist for any business to secure its data, users and business operations to reduce the possibility of being exploited. The steps are as follows:

  1. Ensure you have an appropriate security management plan for your data and infrastructure
  2. Balance IT services and access management for all your services
  3. Implement the correct user and application access by all your staff and third parties
  4. Manage users and system access controls to limit data exfiltration
  5. Develop business continuity beyond data backups

This checklist was developed from the Essential Eight (E8) cybersecurity framework, which was designed for Australian Federal Government entities to protect citizen data from being stolen. It also considers security methodologies such as NIST, CIS and ISO 27000.

This alone is not enough. You should also consider some more practical steps:

  1. Check your Cyber Insurance policy for coverage, caveats and applicability
  2. Confirm who has access to your data within and outside the organisation, and how it is used
  3. Assess how you store, use and back up your data today, then understand how it can be recovered and test it
  4. Update your understanding of your business obligations under any regulatory, Government and/or industry-based standards

The ability to plan and implement any changes you require, based on your specific needs, is critical. We run various assessments for our clients, and in the process, we are constantly reminded of the value of planning and preparation – for all parties.

To find out more about how we can help, reach out to our team today. 
