3 ways to respond to any data hacker


When critical infrastructures are under attack, no organisation’s data is safe. Learn how your organisation can protect itself from any data hacker—foreign or domestic.

8 October 2021 · 7 min.

No industry is safe from a cyber attack. In the past year alone, we’ve seen it all, from gas pipelines serving large swaths of the United States being shut down to breaches of hospitals’ data around the world during a global pandemic. This is fact, not fiction.

The computerised equipment managing a U.S.-based pipeline was hacked on April 29th, 2021. Cybersecurity experts believe the entry point for this attack was made possible through a “single compromised password.” While that was how the hackers got in, the oil organisation left itself wide open by not using multi-factor authentication on its VPN account.

The true origins of these attacks are widely debated but whether foreign or domestic, companies need to know how to protect their most sensitive asset—their digital information worlds.

What lessons can be learned from these incidents to help organisations protect themselves against future hackers?

Is there really a difference between foreign and domestic hackers?

Since state-sponsored hackers tend to have deeper pockets to carry out their campaigns, they can often infiltrate organisations’ vulnerable IT systems for longer periods. While they’re in your organisation’s system, they can install various “back doors” in an effort to extend their reach and avoid major detection.

Unfortunately, nation state-sponsored cybercrime is digital warfare that’s not going away any time soon. HP’s Nation States, Cyberconflict and the Web of Profit 2021 study highlights that 75% of experts believe Covid-19 in particular has presented itself as the perfect opportunity for cyber attacks from adversaries. What’s worse is that more than 40% of these incidents had both a physical and digital aspect to them. Motives aside, the methods used by foreign or domestic actors to infiltrate systems are not so different. Attackers are starting to weaponise chatbots for phishing: when users respond to messages, they could be tricked into revealing login details.

Holding an organisation’s data hostage is not a unique concept. The use of any destructive malware attacks reveals the need for organisations to focus on containment and protection.

Here’s how organisations can respond to data hackers:

Slowing Down Hackers

Maintaining hardened firewalls is no longer enough to protect an organisation’s perimeter, as anyone in IT security knows. Employee education can’t fully prevent a breach from occurring, but it can go a long way toward preventing users from responding to suspicious-looking emails.

Take time to put together a solid course for all employees to take outlining cyber safety precautions. This will help your organisation avoid the most common mishaps like clicking on a link from an unknown sender or sharing information with someone who lacks proper credentials. If done right, these types of education sessions will help employees be more alert about their digital surroundings and thus slow down potential bad actors.

Privilege Escalation Containment

Privileged access management organisation BeyondTrust defines privilege escalation as “an attack that involves gaining illicit access of elevated rights, or privileges, beyond what is intended or entitled for a user.” This can be anything from taking over an account to exploiting software bugs and gaining administrative privileges.

If not contained quickly, these privilege escalations could turn into full-blown wiper malware attacks, where hackers gain access to your data in order to completely remove or overwrite it.

These attacks have been happening more recently all around the world, from Iran’s railway system being attacked by Meteor Wiper malware to the attempted wiper attack ahead of the Olympics in Tokyo, Japan.

In most cases, the digital footprint available for attack is global, according to Deep Instinct’s Director of Cybersecurity Advocacy, Chuck Everette. Even just waiting 60 seconds is too long when a cyber criminal has gained privileged access to your system.

Given the global nature of today’s attack reach, putting a privilege escalation containment measure or two in place is crucial. Everette recommends having a “firm understanding of where your data and assets are located, implementing good security hygiene best practices and investing in state-of-the-art monitoring and cybersecurity prevention products” for successful protection.

Syncing Containment With Data Protection and Disaster Recovery

When it comes to cyberattacks, the need for robust data protection and recovery is a no-brainer.

To implement data protection and recovery, combine frequent, automatic data backups with fast system recovery processes so that you can restore your data as well as the associated application software and underlying operating system. Consider storing an immutable copy of data offsite and offline, where it cannot be hacked or changed, to ensure you have a way to recover using clean, uninfected data.

Whether it’s physically securing or encrypting stored backups, especially during network transport or with remote or cloud-based backups, having a data protection and recovery plan in place is a necessity for all organisations.
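As an added illustration (not part of the original article), one way to confirm that a backup copy is unchanged before restoring from it is to compare it against a hash manifest sealed at backup time. The function names, file names and demo key are assumptions made for this example; the key is assumed to be stored offline alongside the immutable copy.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    out = {}
    for d, _, names in os.walk(root):
        for n in names:
            p = os.path.join(d, n)
            out[os.path.relpath(p, root).replace(os.sep, "/")] = sha256_file(p)
    return out

def seal(files, key):
    # HMAC over the canonical JSON form, so edits to the manifest are detectable
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    files = snapshot(root)
    return {"files": files, "seal": seal(files, key)}

def verify_backup(root, manifest, key):
    """Check the manifest seal first, then report every deviation from it."""
    if not hmac.compare_digest(seal(manifest["files"], key), manifest["seal"]):
        raise ValueError("manifest seal mismatch: the manifest was altered")
    want, have = manifest["files"], snapshot(root)
    return {"modified": sorted(p for p in want if p in have and have[p] != want[p]),
            "missing": sorted(p for p in want if p not in have),
            "unexpected": sorted(p for p in have if p not in want)}

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is kept offline
    with tempfile.TemporaryDirectory() as root:  # constructed sample backup
        for name, data in {"db.dump": b"rows", "app.conf": b"port=443"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, key)
        clean = verify_backup(root, manifest, key)
        with open(os.path.join(root, "db.dump"), "wb") as f:
            f.write(b"overwritten")               # simulate an overwrite
        os.remove(os.path.join(root, "app.conf"))  # simulate a deletion
        with open(os.path.join(root, "extra.bin"), "wb") as f:
            f.write(b"x")                          # simulate an added file
        return clean, verify_backup(root, manifest, key)

if __name__ == "__main__":
    print(demo())
```

A restore would proceed only when all three lists are empty; any other result means the copy no longer matches what was backed up.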

Both foreign and domestic hacks remain unpredictable. Are you ready to respond to a data hacker who sets his or her sights on your business?
