Cyber criminals aftermath: 9 tips for companies affected by a cyber attack

2022 02 03

Author: Agnė Marija Bučytė

It is silly to think that cyber criminals attack the same victim only once. Having an opinion as such, “why would attackers try to break in again, especially after we have fixed the system’s vulnerabilities?” is only a matter of time before a cyber attack will occur again, leading to disrupted systems, stolen data, and many other consequences. 

Statistically, if a company has already experienced a ransomware attack and agreed to pay a ransom to criminals, it will likely be attacked again. Various sources, including Cybereason, say that 80% of the companies that paid the ransom were targeted again by hackers. Information about companies that pay criminals is not confidential – such information is shared between them and can be made publicly available to the media.  

By discussing various world’s companies’ examples of repetitious cyber attacks, in this blog post, we will present the essential tips on how to act after a cyber attack and how to protect yourself in the future. 

Cyber criminals repeatedly focus on the same companies  

For businesses experiencing a cyber attack for the first time, it can take a considerable amount of time and effort to regain the trust of customers, partners, and other stakeholders while also trying to restore their public reputation. Often only after significant cyber incidents do companies decide to devote more financial and human resources to ensure a higher level of security.  

Although employees may think they have “learned from the past mistakes,” it is naive to assume that hackers will not attack the same company a second time. In any case, global practice shows otherwise. Here are some examples: 

  • LinkedIn. In 2012, the first data leak of a well-known social network service such as LinkedIn occurred. Cyber criminals have stolen data from about 6.5 million LinkedIn visitors. Later in 2016, the investigators found that the scale of the hack was much larger than initially thought, and the amount of data leaked was as high as 117 million. Although LinkedIn’s security infrastructure has been strengthened, in 2021, the cyber attack scenario was repeated once again. On a much larger scale, cyber criminals have leaked data of about 700 million LinkedIn users.  
  • Marriott International. In 2018, the American multinational hotel chain company Marriott was the subject of a cyber attack during which approximately 500 million personal hotel visitors’ data was made public. In less than 2 years after the incident, Marriott experienced a second cyber attack that leaked about 5.2 million hotel customer data. Although the second attack caused less damage to the company, it is impossible to guarantee that Marriott will not suffer a third cyber attack in the future with more enormous consequences.  
  • Yahoo!. In 2013, Yahoo! suffered its first significant hack, affecting more than 1 billion accounts. Moreover, in 2014, Yahoo! experienced another data theft during which cyber criminals exposed a lot of private user information, such as names, surnames, mobile numbers, etc. The latest cyber attack has exposed about 500 million personal data of Yahoo! visitors. 

9 security tips for companies affected by cyber attacks

Global practice reveals that a company that has once experienced a cyber attack is not guaranteed to be safe from happening again. The damage caused by a cyber attack partially depends on the amount of data the company had those criminals could steal and possibly disclose. Thus, addressing security vulnerabilities on time must be relevant to corporations and SME-level companies 

Given the tendency of cyber criminals repeatedly attacking the same companies, we present 9 tips for companies that have experienced cyber attacks: 

  • Learning from mistakes pays off. Whether the company suffered a cyber attack a month ago or 5 years ago, it is necessary to analyse the event. It includes a detailed event causes examination to understand what errors have been made and what actions are needed to prevent recurrence or minimize the impact of such cases. For example, suppose hackers could gain access by changing the URL string. In that case, access should be reduced, and secure programming practices should be introduced. It is also advised to monitor whether such vulnerabilities can currently be detected anywhere else, and so on.  
  • Ensuring systems’ security. It is not enough for companies to self-assess the causes of the misfortune and move on. Companies need to carry out regular external and internal systems inspections to look for potential gaps and close them. It is often necessary to look for possible vulnerabilities and add additional layers of security, such as two-factor authentication as an example.  
  • Employee education every employer’s responsibility. It is no secret that the human factor can often determine the success of successful cyber attacks. Therefore, it must become a priority for companies to introduce and continue developing employee competencies related to cyber security. Employee education is an excellent preventive tool that speeds up the detection process of potentially critical cyber security incidents and responds appropriately to a cyber attack. 
  • Incident management plan a necessary practice. Employees need to know how to assess the event’s criticality, who to turn to during a cyber attack, and what further actions must be taken. It is helpful for companies to review and, if necessary, update their information security policies, access control procedures and define an incident management plan. An incident management plan cannot only help prevent cyber attacks but, at the same time, help reduce the damage caused by a cyber attack.  
  • Storage of data backup copies. The thought of losing all the photos we have stored on our mobile phones may seem a little scary to some people. Still, it is incomparably worse for any business to lose all its data. Such a situation can be easily avoided with regular data backup copies and storage protection.  
  • Crisis communication in the event of a cyber attack. Poor internal and external communication during the cyber attack — a practice that none of the companies should follow. When companies adopt denial tactics or conceal information about the incident, they simply risk their reputation and the security of all stakeholders, including customers, partners, employees, and others. It is crucial for companies to self-assess and define a crisis communication plan, even if the chances of experiencing a cyber attack seem minimal.  
  • Solid safety practices in the workplace. Have you often noticed an abandoned and unlocked colleague’s computer? Did you know that leaving your computer screen open and accessible can have dire consequences even when you work from home? Irresponsible use of an unlocked computer by a family member can lead to data deletion, information leakage, virus infection, or computer file encryption. Great security practices also dictate that you should not pick up randomly found USB storage devices, especially when placed into your work computer. It is also not safe to let strangers, suspicious people into the workplace, or worse, do nothing if you notice them.  
  • People naiveness a highly valued trait by cyber hackers. Social engineering is a commonly used term for cyber security. Still, it takes on a slightly different connotation for a company whose user data has once been stolen. It is a hacking method that involves pretending to be other people to trick the victim into taking specific actions. Criminals can take advantage of personal information obtained from company employees or customers. They can vary convincingly pretend to be another person and carry out highly personalized scams or other social engineering attacks.  
  • Remote work still can cause many security threats. At first glance, working from home is a frequent practice these days, not raising any security threats. In reality, there are fewer security measures in place at home, and computers are more difficult to administer or protect. When working from home, compliance to safety practices is highly dependent on the actions and responsibilities of employees. Colleagues can often connect to an untrusted Wi-Fi network, forget to use a VPN, go to a coffee shop with a work computer. Moreover, leave it unattended or abandoned in a visible place in the car, ignore computer warning messages, and so on. 

Information security — rather a necessity than a trend 

Undoubtedly, the hackers themselves have a kind of pride in repeatedly “hacking” the same company’s systems. Meanwhile, for companies, this means recurring losses.  

Information security is an area that requires continuous improvement and maintenance. Companies need to adopt solid information security practices as a preventive measure to avoid cyber attacks. If hackers successfully execute a cyber attack, the company must conduct a thorough case study to identify vulnerabilities in the infrastructure. Additionally, companies should develop an effective action plan to prevent recurring attacks. The earlier an action is taken to ensure an adequate security level, the better changes to avoid such attacks or lower the damage level.  

If you want to start implementing effective information security practices in your company, the Baltic Amadeus team is more than happy to help you. Contact us now.