WHAT TO DO WHEN YOU ARE UNDER A CYBER ATTACK
And it is not certain that large companies or institutions are more protected or safer.
The attack suffered by the Lazio Region last summer is clear proof of how destructive (and embarrassing!) a Ransomware can be.
Trenitalia, for example, recently suffered a cyber attack that paralyzed the Italian automatic ticket machines.
Cyber attacks of this kind are by no means rare and can have significant impacts: from the interruption of company services and activities, to economic losses up to reputational risks.
In addition to the correct preventive actions, it is clear that in the event of attacks it is necessary to put in place rapid and effective measures to properly manage the emergency.
So what are the main actions to be taken when undergoing a cyber attack?
- Implement the Disaster & Recovery Plan
Each company should prepare and share a Disaster & Recovery Plan with staff.
This plan includes all the useful information and actions to be implemented in the event of accidents, emergencies and cyber attacks, with the correct priorities.
Among this information, the following must not be missing:
- the reference of the systems manager
- instructions for restoring data from backup
- how to contact and what information must be provided to the authorities (including the Privacy Guarantor if necessary) and to all the victims involved (customers, employees, suppliers).
It is therefore important not only to verify that the Plan is present, but also to evaluate it regularly so that it is updated, effective and timely.
- Understanding what happened (and fixing the problem)
It is often mistakenly thought that, in the event of an attack, it is enough to restore the systems or regain possession of the data involved to solve the situation.
While these are certainly priorities, it may not be enough.
In fact, it is necessary to understand how the criminals were able to violate the systems and which security measures were not shown to be adequate.
Problems must be recognized and resolved to prevent future attacks.
SIAE knows something about it, since recently hit by the same ransomware and the same criminal group that violated them last year.
If the IT department of the company is not able to solve the mystery, a good rule is to contact Cyber Security specialists who will provide the necessary assessments and will also be able to find further vulnerabilities that could put the company in risk in the future.
- Do not be ashamed of the cyber attack (and communicate it correctly)
Cyber attacks must now be considered a norm.
If you have not already been attacked, you will be in the future (and there is always the possibility that the attack took place without being discovered).
In particular, for large companies, institutions and critical services, it should be normal to expect problems of this type and prepare to manage the emergency.
But even small businesses can fall victim to attacks, albeit less targeted.
A cyber attack, therefore, is not something to be ashamed of, but an eventuality to be managed.
It must therefore be communicated in the correct way (not denied!), reported to authorities with timely information and all victims involved must be notified.
Incorrect communication of the incident can be harmful in terms of loss of reputation and image.
Paradoxically, however, a cyber attack managed and resolved correctly can become a virtuous example to show to customers.
The post-attack analyzes, to ensure that vulnerabilities that led to the incident have been mitigated, and the correct communication of the incident should be considered additional priorities to be managed, like data recovery.