Knowing, or suspecting, that your business is experiencing a security breach can bring up a range of emotions. Several actions need to be taken, and quickly, to stop an intrusion and keep your systems safe. This article will give you a technical understanding of how Anteris identifies and deals with security breaches for our Clients.
What does a security breach look like?
In general, there are seven steps of a cyberattack:
- Reconnaissance. Hackers identify a vulnerable target and look for ways to exploit it.
- Weaponization. The hacker uses the information gathered in reconnaissance to create ways into the target’s network.
- Attack. The hacker delivers their attack.
- Exploitation. The hacker starts to see the rewards of their work as usernames and passwords begin to arrive.
- Installation. The attacker installs a persistent backdoor, creates administrator accounts on the network, and disables firewall rules so they can ensure continued access to the network.
- Control. The hacker has unrestrained access to the entire network and administrator accounts and can now do things like impersonate any user and lock a company’s IT users out of the organization’s network.
- Objective. The goal varies by hacker: some are driven by money, while others are just intent on causing chaos.
Consider an example: an intruder is trying to infect a Client’s system with ransomware, a piece of software that locks down data and systems. Typically, you are asked to provide a financial payment within a limited timeframe to have your system unlocked. Fail to comply, and your data can be deleted.
The intruder is attempting to use a program to access the Client’s systems and eventually their data. The antivirus program we use notifies us of the issue and continues to deny access to the intruder. We determine this is a concentrated attack and notify the Client. The intruder attempts to lock down data, but our backups of the Client’s data and servers can be used to restore the system.
To stop the cyberattack, or to halt the intruder’s progress, parts of a Client’s system may be isolated or shut down. Ultimately, we change the necessary protocols to expel the intruder from the system and firmly deny access. We then perform an audit to understand how the intruder gained access and identify a plan to prevent future access.
How to respond to a breach
Clients often describe a mixture of panic, confusion, and anger when they are notified of a breach. There’s considerable fear that a compromised system will cause financial ruin, damage your reputation, and fracture relationships with business partners and employees. The truth is that breaches, cyber threats, and security challenges are rather common. What’s uncommon, however, is having a recovery plan for handling the aftermath of a breach. This is another way your managed IT service provider can assist. A strategic IT partner will not only help you address the breach but will also construct a plan, tailored to your business goals and directives, for the aftermath of the breach and recovery from it.
What are the keys to handling a breach?
While we tailor breach response to each Client, we do have a few standards for how we handle a breach. When it comes to handling a breach for a Client, we follow these principles:
- Frequent communication. This is a two-way street. While we keep the Client updated on our progress to stop the breach, we also need to know if other systems have been impacted. Communication is vital when it comes to a postmortem of the attack. For instance, learning that you or an employee received an email you thought was from Microsoft regarding your Office 365 subscription tells us it was a phishing attack.
- Ask us anything. Information and results are the best antidotes for mitigating an attack. No question is too trivial when it comes to protecting your business.
- Act on lessons learned. After learning what caused the breach, we act on the lessons learned to prevent a future attack. In the example of a phishing attack, we’ll train your employees on what a phishing attack looks like and how to safely report one to us.
Being attacked can feel bizarre, particularly if you don’t work in a high-profile industry, or if you’re a small business rather than a corporation. Most attacks are random, but lower-profile industries and businesses are chosen precisely because an intruder believes security is subpar. In the case of a ransom attack, an intruder might assume a small business could feel overwhelmed and thus be willing to do anything to get their data back. By working with a managed IT service provider, you can have a robust security system and recovery plan no matter your business size.
How Anteris can help
In addition to responding to security breaches when they happen, we provide security awareness training to our Clients to teach their employees to prevent opportunities for attacks. As your managed IT service provider, communication, training, and prevention are our top priorities for data security. Schedule an appointment to find out how Anteris makes security and technology freeing, not frustrating.