Revealed: 10 steps that GCC firms should take when dealing with a cyber attack

Remote working has become the new norm now in many of the world – including in the GCC – due to the Covid-19 pandemic.

But with employees now working from home-wifi networks and accessing data through various devices, cyber security has become a major challenge.

“When accessing corporate networks remotely, there is a higher risk of unauthorised access and data leakage,” explains Tamer Odeh, regional director, Middle East, at cybersecurity company SentinelOne.

“Employees may engage in behaviour they never would do at the office, such as sharing a device with other family members or using the same device for both personal and work activities. Also, the use of home ISPs and public wifi services present an attack surface that is outside of your IT or security team’s control.”

According to Odeh, the biggest financial losses due to cybercrime occur through business email compromise (BEC), where attackers take over or spoof the account of a senior manager or executive, and use that account to instruct another member of staff via email to make a wire transfer to an overseas account, usually on the pretext of paying a phony invoice.

“An increased number of staff working remotely presents an opportunity for BEC fraud, as the whole scam relies on communications that are never confirmed in person,” Odeh states.

Phishing campaigns are a threat for all employees, but for those who are not used to working from home and are now dealing with an increase in the number of emails, it can be easier to lose perspective on what is genuine and what is a scam.

“In particular, with a rise in malspam playing exactly on fears of coronavirus from the “usual suspects” like Emotet and TrickBot, remote workers need to be extra-vigilant,” warns Odeh.

“Unlike the desktop computers in your office, which likely never connect to any other network than the company intranet, portable devices like laptops and smartphones used by remote workers can have a history of network promiscuity. If such devices are unprotected, you never really know where they have been, what they have been connected to, what peripheral devices have been plugged into them or what processes they are running.”

Although regional organisations are now prioritising cybersecurity, the threat surfaces have increased and many loopholes remain. In such a scenario, there is a possibility that companies fall prey to major and minor attacks.

“Cyber breaches are damaging and surely carry a negative impact on an organisation’s IT infrastructures as well as their business,” says Odeh.

He also suggests 10 steps that organisations if faced with a cyberattack –

* Take immediate action and respond as soon as possible. Time is everything and quick response is instrumental to not allow any further escalations.

* Do not panic; sometimes situations are way easier than they may look. Adopt a problem-solving attitude and work towards assessing the situation calmly and objectively.

* You need to isolate the attack and, in some cases, suspend your network function.

* If you have backup servers, switch to them immediately so they can allow your network to function while the response team is working on fixing the problem.

* While notifying your response team is important, you may want to notify your HR and legal teams, as well as authorities in some instances.

* Do not pay the ransom when facing ransomware attacks. In some cases, even after paying the ransom, nothing will change, and if it will, there is no guarantee that cybercriminals didn’t leave a “little gift” in your system for a soon repeated attack- especially if they know you are willing to pay. It is way more effective to invest your ransom money into bettering your cyber protection and working with experienced consultants to ensure this doesn’t happen again.

* Investigate the attack and make sure you look into possible effects of the data breach beyond IT systems.

* Try to identify the reason why the attack happened and find the vulnerabilities that your cybersecurity infrastructure has that need to be mended.

* Inform your clients about the breach if needed. You must be transparent.

* Make sure you do everything you can to prevent any further cyberattacks.

To better understand how you can keep your network safe and secure – especially in the current scenario – and ensure that your security systems are equipped to deal with the threat landscape, join us and the team at SentinelOne for a special webinar on Wednesday, April 29 at 2pm. Click here to register: http://response.gulfbusiness.com/sentinelone-webinar