Cybernetic attacks have been in the spotlight all over the world as they have touched even the most important companies. In a previous article we explained the costs of being a victim of a cybernetic attack, we are talking about money; the economic losses that are suffered by the companies when their systems are attacked.
Now, when we are the victim of that type of happenings, aside from considering the economic losses, we should also consider that there were other losses with the attack and when we consider them we can project them for a possible future attack. There are factors that are simple “iceberg” tips but if we look deeper into it, we can find very serious problems. Next, we are going to enumerate and explain each one of the consequences of the attacks by the level of severity.
- Data Theft could be said to be the most common problem even if it is named first, but this doesn’t mean that is it the less dangerous, we believe it to be completely the opposite. The theft of information made to a company can cause very heavy losses since once the “security” of the data base is violated, the personal information of the clients of the company is exposed and this is something that is not well looked at by the clients if they find out. If this were to happen, it would bring along additional repercussions such as loss of confidence, credibility and even reputation.
- Violation of the system: this can produce a sudden pause throughout the operation of the company and the deterioration of all the assets such machinery, devices connected to the system such as computers, tablets, telephones. In addition, if this is not dealt with on time the equipment might end up infected and it may be extremely difficult to withdraw that infection in order to normalize its use.
- Corporate reputation: Any failure, no matter how small, that exposes the company as having had its security breached, the reputation and credibility of whether the systems have been cleaned completely or if it is possible to be clients again without your data been exposed again to another attack are in doubt.
- Seizure of devices: this practice has been the most used in the last years blocking all the computation devices of a company and asking for some type of ransom in money to “liberate” the devices. The problem is not the money but instead, will they really be liberated or will a malicious invisible software remain there to spy on the company and later make another blockade? These are the questions that the leader of an organization must analyze after being the victim of one of these attacks.
- Health: Pacemakers have been proven to be easily hackable since their programming is not as complex as it should be in order for its security to be the most adequate one. Now, imagine what would happen if a pacemaker is hacked and it is stopped?
These are some of the nightmares that the companies could live through if they are victims of a cyberattack. Nowadays, the leaders of the companies must think of a way of detecting and making projections of a possible cyberattack plus they also have to optimize the response times in case of such an attack. Management of attack risks allows prioritizing managers appropriately so that they take action in case of irregularity in their systems.
What can be done in case of an attack? It will all depend on the type of attack that they are receiving, but in general:
- The first step that we suggest is that they stop the attack, that is, that they isolate or disconnect all the devices that are connected to the network and/or among them.
- Then, if they don’t have an expert on hand at the moment, calling him immediately is the best thing that can be done so he can take action regarding the matter.
- Verify the continuity of the service that is offered by the company (in these cases, many companies are prepared with an emergency protocol for these situations by diverting service to other devices).
- Legal implications might exist with this action regarding clients or providers, the best thing is that you communicate with the authorities so they are aware of the matter.
- Next, determine the reach of the attack and the consequences it can have.
As it was mentioned in the prior article “Costs of Cyber Attacks”, the vulnerabilities are many but currently, the most common ones are known which allow such a simple and easy entry that they are the ones that are used to get into the systems. We leave a list of some practices that open a vulnerable door for systems to be hacked:
- It might sound like a cliché but it is very true, the licensing of the software and applications that are used in the computation equipment of the company must be original ones given that every day a new security or protocol breach is discovered and the software requires constant updates for them to be covered.
- Systems are configured poorly, this can leave thousands of open breaches so that one who wants to get into the system may do so It is very important that the configuration of the servers is kept under constant supervision in order to maintain its optimal functioning.
- Something that is often said is regarding the training of the employees so that they abandon the bad habits of security and so they can identify the smallest and simplest possibilities of infection.
- Something in which we must be very strict is in the use of personal devices in a corporate environment… We must avoid this practice at all costs.
To end with this issue, as experts in security we want all companies to be concerned about their security since it is an issue that touches any of them, be it large or small. Any one can be responsible for these attacks, in general, we find people called “Hackers” who are independent and on the other hand, there are organized groups that have one same objective. The last recommendation we can make is that you do not forget to generate a security copy and cipher it. In addition to safeguarding also the personal information or data of all your clients with a truly safe ciphering which promises the shielding of conversations and private information.