Recovering from a Disastrous Cyberattack

In July 2021, Kaseya, developer of IT solutions for managed service providers (MSPs), fell victim to one of the biggest ransomware attacks in recorded history. Cybercriminal syndicate REvil claimed responsibility for the attack that impacted approximately 1,500 organizations globally.

The Kaseya hack is reminiscent of another disastrous supply chain attack in 2020—the massive breach on SolarWinds, another U.S. IT firm, which impacted certain U.S. government agencies, including the Treasury Department, the Department of Homeland Security (DHS), and the Pentagon. The list of affected companies included Cisco, Intel, and Microsoft.

These are just two of the best-known incidents; many more damaging cyberattacks, particularly against healthcare organizations, have been recorded to date.

A Matter of When Not If

As more and more companies embrace digital transformation, cyberattacks are becoming all but inevitable. Hence the important question staring everyone in the face: Are you prepared to weather the cyberattack storm that’s brewing on the horizon?

Steps to Recover from a Cyberattack

To bounce back from a cyberattack, here are some best practices to keep in mind.

1. Make a Thorough Inventory of Lost or Stolen Data

It’s important to keep a level head during a cyberattack. Panicking may only exacerbate the problem. Your primary objective at this point is to mitigate the damage.

The first thing you have to do is determine which data has been compromised or stolen. This step is important because it will be the basis for your next steps. For example, if login credentials have been stolen, a password reset or activating multi-factor authentication may be enough to contain the problem. But if Social Security information has been stolen, your next steps may be to ask customers to report the theft to each of the credit bureaus, put a fraud alert on their credit files, and so on.

2. Figure Out What Caused the Attack

Stop everything you’re doing and find the cause of the attack. Is it malware via a phishing email or a distributed denial-of-service (DDoS) attack?

Contain the damage as best as you can, and if it’s malware, keep it from spreading to other areas of your network. Disconnect from the internet if you need to, disable remote access, change passwords, and immediately install security patches. If it’s a ransomware attack, make sure to contact the authorities and put your crisis communication plan into action right away.

3. Update Your Security Tools

Replace legacy security systems with new artificial intelligence (AI)-powered technology, making sure the solutions you deploy are highly integrated. This way, you get better visibility into your IT environment and improved response times.

4. Train Employees on Cybersecurity

One of the most common causes of a security breach is human error. According to recent studies, “95% of cybersecurity issues can be traced back to human error.” By conducting regular employee awareness training and simulated phishing exercises, your employees will know how to recognize an attack, how to respond, and to whom to report the breach for investigation.

5. Secure Your Passwords

Encourage employees to use strong passwords, avoid recycling old passwords, and never reuse the same password across multiple accounts. Employ multi-factor authentication across the organization to add another layer of security. Even better, use a password manager like LastPass to keep passwords safe and secure.

6. Back Up Your Data

Full, encrypted backups of essential business data can get you up and running in no time in case of a breach. When creating backups, remember to:

• Save your encryption key or password in a secure location, preferably not where your backups are stored
• Create redundant—or multiple—backups
• Keep a minimum of one backup file offsite
• Use different media types for your backups

Who Is Involved in the Recovery Process?

Fully recovering from an attack is, to put it mildly, a group effort involving everyone in your organization—from your head of IT to your legal and compliance teams, to every one of your employees.

Post-attack, the cybersecurity/risk management teams should conduct an inventory of the affected data, find out which controls failed and which parts of the system were compromised, determine the extent of the damage, and figure out the root cause. If you don’t have in-house cybersecurity or risk management teams, or if the scope of the work is too big for your current team, have a managed IT service provider handle this for you.

The legal and compliance teams, meanwhile, will be responsible for communicating with authorities, suppliers, and clients, and sharing just enough information about the attack to put stakeholders at ease.

Cyber Recovery vs. Disaster Recovery: What’s the Difference?

There are some similarities between cyber recovery and disaster recovery. However, they vary in terms of purpose and how they’re designed.

Cyber recovery: This process focuses on protecting your data and assets and preventing future losses. It entails reliable physical and virtual backup of your files, effective data protection protocols, and regular and consistent updates to your backups.

Disaster recovery: This process aims for business continuity after a cyberattack. It focuses on the ability to quickly resume operations, mitigate the damage, rid your infrastructure of infected or compromised files, and repair your systems as quickly as possible.

To protect all areas of your business, it’s important to have both cyber recovery and disaster recovery protocols in place.

How Cyber Insurance Can Help You Recover from a Cyberattack

There’s no guarantee of complete recovery when it comes to cyberattacks. However, you can recover faster financially if you have help handling the cost of the damage. This is what cyber insurance can do for your business.

Depending on the type of policy, cyber insurance can cover the costs associated with:

• Ransomware settlement payments
• Legal fees
• Notifying customers about the breach
• Restoring compromised identities
• Hiring computer forensics experts
• Replacing or repairing damaged systems

Recent Cyberattacks and Settlements

To better illustrate the role cyber insurance can play in post-attack recovery, here are examples of some of the most notable data security breaches, fines, and cyberattack settlements in recent years:

• The March 2021 CNA Financial breach locked employees out of company resources and stole data, forcing CNA to pay a ransom of $40 million, considered to be the largest settlement payment to date.
• Online dating service MeetMindful suffered a cybersecurity attack in January 2021, resulting in a breach that compromised the data of more than 2 million clients.
• The Facebook data of more than 530 million people was compromised through scraping in 2019.
• In May 2021, Colonial Pipeline suffered an attack that forced the company to shut down its fuel pipeline, affecting airlines and consumers along the East Coast.
• The Equifax data breach settlement includes up to $425 million. The breach compromised the private information of approximately 147 million people.
• DeFi platform Poly Network lost $610 million to a hacker in 2021, in what was known as the “biggest cryptocurrency heist in history.”
• The University of California in San Francisco (UCSF) paid over $1 million to cybercriminals following the ransomware attack on the UCSF School of Medicine.
• Amazon Europe paid €746 million ($887 million) to Luxembourg’s National Commission for Data Protection (CNPD) for noncompliance with the GDPR’s general data processing laws.
• Excellus Health Plan paid the Office for Civil Rights a $5.1 million settlement fee for violation of the HIPAA privacy and security rules.

Putting Solid Cyber Protections in Place

Having robust cyberattack safeguards in place can be the difference between your business powering through or going under after a security breach. Include all the necessary teams during recovery and consistently educate your employees about data security and what to do during a cyberattack. To mitigate the effects on your business, partner with authorities and insurance providers.

There’s no perfect way to attack-proof your business, but by staying proactive, implementing cyber hygiene policies across the organization, and keeping in mind that cybersecurity is an ongoing process, you’re putting your company in a much better position security-wise.
