What to do during a cyber attack? If you realise an attack is under way while it is still happening, there are several ways you can reduce the damage. We explain the types of cyber attack and how to respond to each one.
How to respond to a cyber attack that is happening right now
Firstly, if it is happening right now, call us on 020 39 85 85 85. Tell the helpdesk it’s an emergency and we’ll get our senior people on it right away. If it’s not an urgent or in-progress cyber attack or breach, you can call or use the contact page here.
If you are reading this as preparation for what to do, then read on.
Start to educate yourself on cyber attacks
Firstly, it’s not if you will be breached, but when. That’s not just my view; it was also reported in the FT recently. Those guys aren’t normally known for their tech reporting, but they understand business.
Secondly, you should read our cyber security page to learn more about the basics of what you should be doing right now.
Put cyber security in place against future attacks
I want to point out something here that is more important than products, or tools, or patching. And that is the philosophy or attitude you need to have. You don’t expect to have a fire, but you get fire insurance. You aim to protect yourself from burglary, but you get insurance. In both cases, you mitigate the impact and you plan for recovery if/when it happens. I’m recommending that you do that for cyber attacks too.
What should you do when a cyber attack is happening to you?
I think you can work out what you’d do in the case of a fire. We had a customer’s factory burn down and 17 fire trucks from multiple counties had to come to contain the blaze. Do you clearly know what you’d do in a cyber breach?
Let’s go through a few of the most common breaches to test your plans:
- Employee breach – data leakage, confidential info sent out, outright theft, improper access, spying on others… bad actors in your company (yes, it can happen that your staff are bad)
- Scripted – phishing emails, dodgy websites, automated break-ins of unprotected equipment… any breach run by a robot
- Penetration / hack from outside… you’re the target of a live person with skills.
Each of these needs a different response. They also need different protection levels.
How to prepare against future cyber attacks
What are cyber protection levels?
To keep security simple: you can protect against different levels of attacker. The higher the level, the harder and more expensive it is to protect against. Protection is always budget driven, and the factor that determines the budget to spend is your view of how important you are.
Simply put, you should consider what you need to protect against with the following scale:
- Scripts, bots and worms – these roam around the internet. They are basic and easy to protect against. It’s not personal. It’s like a crook testing your front door knob to see if it’s locked.
- Script kiddies – basic, low experience people using tools they didn’t write and don’t really understand, looking for an easy target. They don’t know you nor care about you specifically; you’re just sport or a trophy for a kid. It might be personal with a disgruntled employee without tech skills or one of your students if you’re a school.
- Disorganised crime – Lone attackers, small groups of inexperienced criminals using a few tools they may have written but mostly just basic attacks against known weaknesses you haven’t closed. This might be personal where the attacker knows you and has a grudge, or could be an employee with more skills (e.g. a former IT employee?).
- Organised crime – This is where it starts getting hard and expensive to protect. This can either be targeted at you, or they picked you up on a trawling exercise with a phishing email campaign and now you are a target. This is where a criminal has cased the joint and seen you’ve been leaving your back window open – it might be a second storey bathroom window, but that’s enough. These people are often systematic in their attacks and once they are in, they pass the ticket to a senior level hacker to continue the heist. Ransomware is a core tool here because it works profitably for them.
- State sponsored – the NSA, the Chinese government or Russian mafia. If you are a target of these groups, you should be getting help from people better than us. We openly admit that we can’t protect you from this level, and you and I both already know that.
What’s the good news?
The good news for a head teacher or business owner is simple: for all of the first 4 levels, you can protect against all but the most targeted attacks with simple but thorough practices – patching all equipment, using good security tools, giving no access to anything unless clearly needed, using systems like MFA for passwords, regular audits and pen tests, keeping systems refreshed and up to date, user training.
There are others, but doing even just these keeps you protected against all but the most targeted attacks. And that’s the best bit of hope… the attackers need to be way more skilled and determined than the defenders… unless you leave the door open for them.