A CISO’s Guide: What To Do Before / After a Cyber Attack

As computers and technology have become faster and more powerful, the number of cyber and ransomware attacks has steadily increased. Now more than ever, companies both small and large must focus on ensuring their own cyber security, or risk becoming victims themselves.

“Every IP address on the internet is a target for vulnerability scans, probes, and attempted exploits. Companies must have an external IP address to communicate with the internet. That IP address is the first thing you must protect as part of your Cybersecurity program. A firewall along with an Intrusion Prevention System (IPS) is your first line of defense against external bad actors,” states Joshua Stinson, Eclypses Information Security Officer.

BEFORE A BREACH

The first thing all companies must come to accept is that regardless of their size, customer base, or data, anyone could become a victim of a data breach. In order to prevent a breach from occurring, it is important that each company understands best practices of data security and what is needed to ensure true protection at every level.

Firewalls: Many companies have heard of and use firewalls to protect their perimeter. While keeping your firewalls up to date is critical, it is just as critical to maintain a strong firewall rule policy that limits the connections allowed.

Intrusion Prevention System: Besides having a firewall to protect the outer layer of security, standing up an Intrusion Prevention System (IPS) further protects the perimeter and ensures that the firewall is not the only barrier to evade.

Continuous Network Monitoring: Consistent monitoring of the internal network provides data that can be cross-referenced against activity on the firewall and IPS. This helps identify both intrusions that get inside and insider threats.

Keeping backups for full recovery: Ensure that backups are sufficient for a full recovery and are air-gapped by storing them offline or in the cloud. That is, your backups should not be readily accessible from the internal network or to nefarious code such as ransomware.

Cyber Liability Insurance: Cyber Liability Insurance should be purchased and should be comprehensive enough to cover costs of response and recovery. Company policies may need to be written and implemented to ensure due diligence and meet the insurance company’s requirements.

Third-Party company for incident response: Have a third-party company identified that can assist with Incident Response. This company may need to be approved by the insurance company.

Vet your supply chain: Ensure your supply chain has been vetted to the best level possible. This could include software dependencies such as libraries and code provided by vendors.

Be proactive with supply chains: Learn in advance what you can about the supply chains of the companies whose software you use.

MTE technology: Implement MTE technology into your existing security systems to secure your endpoints. MTE eliminates the risk of leaving your most sensitive data unsecured by replacing this valuable data with meaningless, instantly obsolete random streams of values. So, if the attacker gets in, they would only be able to see these random streams of values.
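
For the firewall rule policy and continuous network monitoring items above, the following is an added example, not code from Eclypses or from the original article. It audits a small rule set for overly broad allow rules and a missing default deny, then cross-references flows seen by an internal sensor against that policy. The rule format, first-match-wins evaluation, IPv4-only handling, and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
# Constructed policy: (action, source CIDR, destination CIDR, dest port; None = any port)
RULES = [
    ("allow", ANY, "203.0.113.10/32", 443),               # public web server
    ("allow", "198.51.100.0/24", "203.0.113.20/32", 22),  # admin access from one range
    ("allow", ANY, "203.0.113.30/32", None),              # any source, any port: too broad
    ("deny", ANY, ANY, None),                             # explicit default deny
]
# Constructed flows recorded by an internal network sensor: (src, dst, dest port)
FLOWS = [
    ("192.0.2.55", "203.0.113.10", 443),
    ("192.0.2.55", "203.0.113.20", 22),   # SSH from outside the admin range
    ("198.51.100.7", "203.0.113.20", 22),
]

def matches(rule, src, dst, port):
    _, rsrc, rdst, rport = rule
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rsrc)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rdst)
            and rport in (None, port))

def decide(rules, src, dst, port):
    """Assumed semantics: first matching rule wins, no match means deny."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule[0]
    return "deny"

def audit_rules(rules):
    """Flag allow rules open to any source on any port, and a missing default deny."""
    findings = []
    for i, (action, src, _dst, port) in enumerate(rules):
        if action == "allow" and ipaddress.ip_network(src).prefixlen == 0 and port is None:
            findings.append((i, "allows any source on any port"))
    if not rules or rules[-1] != ("deny", ANY, ANY, None):
        findings.append((len(rules), "no explicit default-deny as final rule"))
    return findings

def unexplained_flows(rules, flows):
    """Flows seen internally that the firewall policy should have blocked."""
    return [f for f in flows if decide(rules, *f) != "allow"]

if __name__ == "__main__":
    for index, issue in audit_rules(RULES):
        print(f"rule {index}: {issue}")
    for flow in unexplained_flows(RULES, FLOWS):
        print("flow not permitted by policy:", flow)
```

A flow that appears on the internal network but is not permitted by the perimeter policy points to either rule drift or a path around the firewall, and is worth investigating in both cases.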

It is important to understand that proper preparation prior to a cyber attack is the only way to truly be protected. Edge security has expanded to include billions of devices including IoT, mobile and web pages – all susceptible to cyber threats. Our MTE technology quickly and efficiently provides the security needed at the application level. MTE technology eliminates the risk by replacing valuable data with meaningless, instantly obsolete random streams of values. Our technology provides true end-to-end payload protection through every hop of a network, regardless of the configuration, and ensures that in the event of a breach, attackers cannot use the data to cause harm.

Despite the lengths that a company goes to in order to prevent cyber attacks, they can still occur. Having an Incident Response plan is critical to stopping the attack, gathering forensic data, and restoring the environment to a stable and more secure state.

AFTER A BREACH

So, what do you do if your company falls victim to a cyber attack? Immediately execute your Incident Response Plan. Aside from all the initial activity of shutting down services or systems to limit the spread and/or damage to those systems and performing Cybersecurity best practices to recover, a company should also do the following:

Contact the insurance company: Contact your Cyber Liability Insurance company for guidance on how to proceed. This will allow a company to ensure their insurance will cover expenses, which can go up into millions of dollars.

Contact Third Party Incident Response Company: Be sure to contact the insurance company to make sure this third-party incident response company is approved beforehand.

Restoration/Disaster Recovery Timeline: Determine when to start restoring from backup or perform Disaster Recovery operations. Ensure that all measures have been taken to prevent another cyberattack beforehand.

Forensics Effort: Save all data that could be used in the Forensics effort.

Notify Partners that may be affected: If your company has partners or entities with which network resources are shared, or if there is any way in which your breach could affect others, contact them and take steps to ensure they are protected from your compromised environment.

Once appropriate action has been taken to recover after an attack, the company must reevaluate its own security policies and prepare itself to be better protected in the future in order to regain trust and a sense of safety.

“It isn’t a coincidence that the rise of cryptocurrencies gives the malicious hackers a surprisingly convenient way to be paid without involving banks. There must be plans to keep malicious hackers OUT—and a plan to protect the data. MTE protects your data, and these best practices identify and/or prevent hackers from getting into your network or systems,” states David Schoenberger, Eclypses Chief Innovation Officer.

It is every company’s responsibility to follow best practices regarding their cyber security. With quantum computers and the number of online workers both on the rise, companies must always be aware of their own cyber security and what a mass data breach could mean for them and their future.
