You can no longer send emails, important data is no longer accessible, and backups are encrypted. You have been hacked, now what?
How do you recognize a hack?
There are dozens of ways to get hacked. How you recognize a hack depends on the type of hack. Here are the signs by which you can recognize common hacks:
Recognizing a ransomware attack:
- Files, applications or entire systems are no longer accessible;
- In several folders where files were encrypted, you will find text files with information about the attack;
- Notifications on your system demand a payment in exchange for regaining access to your systems. This ransom is usually an amount in bitcoin;
- Names of ransomware variants that encrypt files include: Cerber, CTB-Locker, CoinVault, CryptoLocker, LockerGoga, Locky, Petya, Ryuk, SamSam, TeslaCrypt, TorrentLocker, WannaCry and Wildfire. Of course, new variants are added every day.
Recognizing a DDoS attack:
- Your network is inaccessible, unusually slow or unstable;
- Your network or Internet connection is suddenly disconnected;
- The website is a lot slower than usual;
- Certain functionalities, for example, login, are not available;
- Strange error messages appear when you visit pages;
- You may see unusual spikes in website traffic in web statistics or log files.
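The last sign in the list above, unusual spikes in log files, can be checked with a short script. The following is an added example and not part of the original article; it assumes web server logs in Common Log Format, and the thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Assumed input: Common Log Format lines, e.g.
# 203.0.113.7 - - [12/Mar/2024:10:05:07 +0000] "GET /login HTTP/1.1" 503 512
LINE_RE = re.compile(
    r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [+-]\d{4}\] "[^"]*" (\d{3}) ')

def per_minute(lines):
    """Count requests and 5xx responses per minute; unparsable lines are skipped."""
    total, errors = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        minute = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M")
        total[minute] += 1
        if m.group(2).startswith("5"):
            errors[minute] += 1
    return total, errors

def find_spikes(lines, factor=5, min_requests=20):
    """Return (minute, requests, share of 5xx) for minutes far above the median.

    factor and min_requests are illustrative thresholds. The median only works
    as a baseline while the spike covers less than half of the minutes analysed.
    """
    total, errors = per_minute(lines)
    if not total:
        return []
    baseline = median(total.values())
    return [(minute, n, errors[minute] / n)
            for minute, n in sorted(total.items())
            if n >= min_requests and n >= factor * baseline]

def sample_log():
    """Constructed sample: four requests a minute, then a burst at 10:05."""
    fmt = ('203.0.113.{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] '
           '"GET /login HTTP/1.1" {st} 512')
    lines = [fmt.format(ip=i, m=m, s=i * 10, st=200)
             for m in range(5) for i in range(4)]
    lines += [fmt.format(ip=i % 250, m=5, s=i % 60, st=503) for i in range(120)]
    lines.append("constructed malformed line without a timestamp")
    return lines

if __name__ == "__main__":
    for minute, n, err in find_spikes(sample_log()):
        print(f"{minute:%Y-%m-%d %H:%M}  {n} requests, {err:.0%} server errors")
```

A spike on its own can also be legitimate traffic; the share of server errors helps tell a busy site from one that is failing under load.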
Four critical steps in cyber incidents
To effectively deal with cyber threats, it is important to be prepared. In these four steps, we discuss how to protect your organization.
Step 1: know what you need to protect
Protecting your organization completely from any kind of outage or cyber threat is impossible. That is why it is critical to identify and prioritize potential threats and their effects. This allows you to know which products, services and processes are critical to your operations, what it takes to keep them running and which ones you need to fix first should things go wrong.
Step 2: fall back on your recovery plan
A recovery plan or Disaster Recovery Plan (DRP) is a document, or part of the business continuity plan, that includes guidelines and approaches that describe how you can quickly resume operations after a cyber incident.
Ensure that the recovery plan is always up to date and has been tested. Recovery plans often turn out to have many snags in practice, and a major cause of this is that plans are not sufficiently practiced. In addition, it is important that your plan is properly secured: it contains sensitive data, and you do not want the plan for after a hack to end up with the hacker himself. Want to learn more about business continuity and the different types of recovery plans? Our article on business continuity goes deep into the different types of policy plans.
Step 3: communication and coordination
During a cyber incident, you cannot do without effective communication and coordination. An incident can cause internal unrest, as well as unrest among customers, suppliers and other stakeholders, resulting in reputational damage. Be sure to inform all stakeholders, and carefully consider what you do and do not tell them.
Step 4: learning and improvement
Cyber incidents are also instructive. Once the incident has been resolved, business processes are back up and order has returned to your organization, it is time to consider what lessons you can learn from it. To do this, it is important to keep records of each recovery operation. Make sure that decisions and activities are recorded. A review often makes clearer how the incident occurred, what damage it caused and which activities helped or hindered the response and recovery operations.
Prevention is better than cure
It is wiser to invest in preventing hacks rather than solving them. A crucial aspect here is training your colleagues. Make sure they are alert to anomalies and encourage them to raise the alarm immediately in case of suspicious situations.

This article was written by Margo Sportel. Do you need help or have any questions? Please feel free to contact her without obligation.