Cyber attacks and business continuity: Better safe than sorry

by Tony Richardson CISSP

IT’S NOT UNCOMMON FOR COMPANIES TO EXPERIENCE CYBERATTACKS, A SINGLE SUCCESSFUL ATTACK IS POTENTIALLY DEVASTATING.

A company could go from functioning as usual to completely crippled in an instant if their systems are hacked or damaged. Companies need to make sure they have a business continuity plan in place – and that it includes cybersecurity so that the damage doesn’t spread too far and cause irreparable harm to the company’s reputation and/or operations. 

Know the risks

Hacking is a risky business, but it’s one that pays off when executed properly. In the reconnaissance phase of an attack hackers identify vulnerable targets and explore ways to exploit them successfully- often with targeted phishing emails as their method of distribution in order to get malware on those computers sooner rather than later. 

The hacker uses the information they have gathered to create believable spear phishing emails that look like emails from a business contact. The attack starts in the delivery phase. Phishing emails are sent, ‘watering hole’ web pages posted online and an attacker waits for all of their necessary data to arrive before they make any moves at all – if this includes weaponized attachments then there will likely be some sort of wait time until someone bothers opening said attachment or downloading whatever malware has been attached themselves. 

The attacker tries usernames and passwords against web-based e-mail systems or virtual private network (VPN) connections to the company’s network. If malware infected attachments were sent, then they remotely access affected computers with malicious intent. 

To get their objectives done, hackers will often create administrator accounts on the network and shut down firewall rules. They may even activate remote desktop access so they can stay in the system as long as needed to accomplish tasks with greater precision than any other means of entry would allow them to do alone. This is known as a backdoor.

From then on the hacker will try to reach their initial objective whether that’s stealing sensitive data or holding something hostage in return for a ransom. 

If you can identify these early signs of an attack, your awareness of the potential risk could completely prevent this happening. Armed with the right knowledge you’ll be able to ignore the trap and identify the attacker so that both you and any associates will never have to deal with them again.

Have a plan in place

Not just any plan; a watertight plan. There is no better time to put a cybersecurity plan in place, so it’s better not to wait around for the right time to present itself. The next catastrophe could be just around the corner, so why leave your business on the line?

It is hard to imagine a more important time than now when cybersecurity should be at the forefront of everyone’s mind. The rise in cyberattacks, both large-scale and personal, will only continue. It is crucial that individuals who are not already knowledgeable about cyber attacks like hackers or ransomware threats take action quickly

A shrewd time to do cybersecurity plans is whilst doing general continuity planning. Why? Because they are extremely interrelated. 

Prepare for the worst, don’t hope for the best

In preparation for cyber attacks, it is important to expect the worst and plan ahead. The “cyber-underworld” is a criminal haven of hackers, scammers and con artists. And yet it’s not surprising that these criminals have found success in their endeavors as they seem to be naturally intuitive people who can see opportunity in detail that most people can’t. 

This is why vigilance is crucial and cybersecurity needs to be tight, enforced thoroughly across your organisation. It’s best to have teams that take a cynical, scrutinizing approach whereby even the most minute details are taken care of. Planning ahead ensures the best chance of successful defence against cyber attacks. The disposition should be to expect the worst; not the ideal. Doing this correctly results in all (known) bases being covered. 

Keep your systems patched and updated

All of today’s mobile devices are running a vast array of software. This includes operating systems and applications we use for just about everything from word processing, to photo editing and sound recording. To prevent known vulnerabilities from being exploited on your device you must keep it up-to-date with the latest patches.

You should always install patches released by software developers to close security holes found in their products. This is because they are aware of the risks posed and want you, as an end user or company using their creations.

 

Conduct regular security audits on your network and applications

Identifying vulnerabilities that could be exploited by hackers is critical. The best way to protect against network and application vulnerabilities is through regular security audits. These can be conducted in-depth or as surface scans, depending on what you need the information for.

Failing an audit could mean losing valuable customer data which could even put you out of business; this makes conducting your own inspections invaluable to the continuity of any business.

Communication in a crisis

The importance of communication during a cyber attack cannot be overstated. In cases where an organisation has been hacked and their servers compromised, effective messaging with internal stakeholders as well as external partners is vital for success in not only business operations but also public relations efforts that aim at restoring trust from consumers who may have lost confidence due to a breach or infiltration.

Cyberattacks are a very real and present danger to organisations. In order for your response to be effective, constant maintenance from an expert team who understands how hackers think – usually many steps ahead – is necessary. The appropriate teams will already know what steps need to be taken beforehand so as to best protect your organisation during a crisis situation without compromising any important aspects such security, making missteps or exacerbating damage to reputation. 

Cyber attacks are inevitable

We are now living in a world where cyber attacks have become an inevitable part of life. They can be from anywhere and originate from entry points like your computer, mobile phone or even appliances like fridge and modern IoT devices. They’re happening more often because hackers are well organised and have worked out systems to profit from that make attacks worthwhile; they know how to hurt us most effectively and where vulnerabilities are most likely to be.

A comprehensive approach is necessary as these destructive nature attack capabilities increase daily.

You can’t separate the business bottom line from cybersecurity factors

The cybersecurity and business bottom line go hand in hand. Protecting your company from the worst-case scenario is a must for any CEO, CFO or leader who wants to be prepared against the potential dangers of cyberattacks. It’s important that you take action now so that you can focus on what matters most—running your company and making money.

Conclusion


Risk management is an important part of business strategy. The more prepared you are for potential cyber attacks, the less likely they will be to happen in the first place. If your business doesn’t have a disaster recovery plan or disaster prevention plan already in place, it should become one of your top priorities because every day that goes by without these plans could mean another data breach and potentially devastating consequences on your bottom line.