Cyber attack: You’ve been breached, now what?

July 27, 2023

We can all agree by now that cyber breaches are as likely as, if not more likely than, any other risk in business. Most organisations have either been breached or soon will be. The only uncertainty is the level of financial and reputational damage that results from a cyber attack, writes Trevor Dearing, Director of Critical Infrastructure, Illumio.

There has been a lot of talk to date around prevention strategies. However, a more practical approach is to assume a breach and clearly lay out a plan for containment and damage control. There is also merit in looking at how others have handled a breach and learning from their hardships. Here is a play-by-play simulation of how a breach could play out in your business and how to minimise the blow.

What we can learn from past cyber attacks

Cyber attacks continue to have a significant impact on companies, with the effects varying depending on the industry, technology, and scale of the attack. The Optus breach in 2022 was one of the biggest security breaches in Australian history and saw the personal and medical data of millions of customers compromised. The implications of such a large-scale security incident can be severe and long-lasting. Meanwhile, earlier this year ASX-listed company IPH suffered a cyber incident that led it to enter into a temporary trading halt – so in this case, not only was data impacted, but broader operations as well.

Regardless of the methods used and the implications of cyber attacks, it is crucial for businesses that fall victim to act quickly to contain the impact and to communicate the consequences to customers and other key stakeholders as soon as possible. But catching and quickly reporting on cyber attacks is a balancing act – if you issue a response too quickly, it can lack specific details and important information. On the other hand, if organisations wait too long, they leave themselves open to criticism and reputational damage.

Best practice for post-attack communications

Following a cyber attack, organisations should communicate to stakeholders, customers and investors clearly and efficiently and work with regulators to identify, report, and remediate security incidents within stringent timeframes.

Immediately after an attack, businesses typically undergo a digital forensics process to determine the nature and extent of the breach. Post-breach communications timelines vary depending on the organisation’s technology stack and IT resources. After discovery, the first step is to get everyone on the ground and gather information. You need to establish what occurred, how and why, so you can determine the next steps in terms of alerting and remediation. However, if this process will take too long – think days, not weeks – then you need to be transparent with whatever basic information you have, outlining that further investigation and regular communication are to come.

Once you do have all the relevant details, communicate very clearly the full extent of the breach and the impact on customers, business leaders, and investors. While you may not go into the deep tech weeds of the breach itself, it is critical that you do not hold back when outlining the extent of the damage. We are all too familiar with companies playing down the impact of a cyberattack, only to make corrections in the days and weeks following. Recent research from Twilio showed that 64 per cent of APAC consumers would be more willing to share personal data if a brand is transparent following a breach and takes necessary steps to address the situation.

Finally, assess key takeaways and learnings stemming from the event. How could we have handled this incident better? What could have been done differently and more proactively? And most importantly, what are we doing to minimise damage from future attacks?

Assume it will happen again – and prepare accordingly

The truth is that recovery from a cyberattack is never fully realised because another attack is just around the corner. To survive in this rollercoaster environment, companies must continue to build cyber resilience – in essence, being prepared for the ride. That means having all the necessary systems in place to ensure that your organisation can make it through the inevitable twists and turns in one piece and with as little damage as possible, and then go again.

To achieve this in cybersecurity, businesses need to maintain an “assume breach”, not “prevent breach”, mindset. This means ring-fencing and protecting high-value applications and data by restricting access to only that which is critical and necessary through technology such as Zero Trust Segmentation. If businesses look to contain breaches as opposed to just stopping them, they will not only reduce the impact of attacks, inspiring greater trust among customers and other stakeholders, but also be better able to identify and respond to attacks more quickly as they evolve.
