- Is it possible to minimize the effects of a cyber-attack? What should be done if it happens?
- Experts from the company S2 Grupo have pointed out that every year companies lose millions of euros due to cybercrime and their corporate reputation is really affected.
- Given this situation, the development of a contingency plan and a Forensics Readiness project are key to resolving a possible incident quickly and with the least possible impact on the organization.
Valencia, 20 October 2020.- As all areas of society become more digital, the number of cyber-attacks increases. In recent years we have seen how cybercriminals have increased their activity through the spread of malware, phishing attacks, ransomware and social engineering attacks, among many other types. The target is always the same: money, or information that is worth money.
Against this backdrop, the company S2 Grupo, specialized in cybersecurity and critical systems management, has ensured that in the coming years 99% of entities, at one point or another with greater or lesser impact, will be victims of cybercrime. Along with this, they stressed that the main consequences of a cyber-attack for companies are, together with annual losses of millions of euros, a major negative impact on their corporate reputation, which even affects the continuity of their business.
“Is it possible to minimize the impact of a cyber-attack? The answer is “Yes”. If we have worked before and done our homework, awareness is the best form of prevention. And the first step is to recognize that we are all susceptible to falling into cybercrime networks. Nowadays, companies fear these types of attacks more than physical theft. Unfortunately, we have experienced how the dimensions of an online attack are truly devastating in some cases”, declared José Rosell, managing partner of S2 Grupo.
“All entities and organizations need to have a cyber incident management procedure in place. This is essential. At S2 Grupo, this is always the first step we take with our clients. A cyberattack can push companies to their limits, which is why we must have a roadmap established beforehand so that we don’t have to improvise when we experience a situation that is so complicated and stressful that, in some cases, even prevents from continuing to offer the company’s service. We only have to imagine its scope if this happens in a bank or an electricity company, for example”, said Miguel A. Juan, managing partner.
S2 Grupo experts have insisted on the importance of prevention and, in this regard, have highlighted that another key point is the realization of a contingency plan (updated network information, equipment inventory, list of organization managers with their updated phones, a person who has all the information about what happened, etc.) and a Forensics Readiness project. This consists of preparing everything necessary (logs, essential information, etc.) to be able to carry out a forensic analysis in the event of a cyber-attack, clarify the facts quickly and act as quickly and effectively as possible to eradicate the incident since, in these cases, the time factor is crucial.
What should we do if we are victims of a cyber-attack?
S2 Grupo has stressed that once the cyber-attack has occurred, the most important thing is to immediately notify the incident management experts, who will take care of all legal, technical and resolution aspects.
The second step is not to take any action on the network until they come. “We know this is something difficult due to the stress generated when detecting that something strange is happening in the systems, but it is very important because the situation could become more complicated”, explained José Rosell.
“In fact, once we have developed the contingency plan and the Forensics Readiness project in an entity, we recommend carrying out a simulation. They are the best preparation for the day when we face a cybersecurity incident”, Miguel A. Juan explained.
After notifying those responsible for managing cyber incidents and not touching anything until the threat analysis is carried out, the next steps are to gather information on the steps that triggered the incident, have network information, inventory, managers, data of affected people, etc.
And from there, the cybersecurity team will work to resolve the action of cybercriminals and that their activity generates the least possible impact on the organization.