5 Steps to Rapidly Recover From a Cyber Attack

March 7, 2022

As the recent breach of 50 million T-Mobile users’ data made clear, today’s organizations are more vulnerable than ever to data breaches. During the pandemic, cyberattacks yielding financial windfalls have hit companies hard across sectors. With its fifth data breach in the past four years, T-Mobile is an example of a company that has fallen victim to multiple cyberattacks, and it is certainly not alone.

But here’s the good news: There are several steps your company can take to contain and recover from an attack as quickly and securely as possible.

How to Recover From a Cyber Attack

While many people think of security as binary — you’re either secure or you’re not — it is more about managing risk than preventing every possible attack. An inability to quickly detect, respond to, and recover from a cyberattack can have both short- and long-term implications for your organization.

Here are a few key actions you can take to improve your security posture and reduce the scale and long-term ramifications of a data breach.

  1.  First, follow the data. If your organization has been compromised, containing and eradicating the infection is critical. Start by following your incident response procedures to identify the scope of the compromise. Assess the damage to critical systems and then move outward to supporting systems. It is essential to determine precisely what systems were compromised and what information was stolen to plan your next steps. For instance, T-Mobile’s response might have looked different if only financial or payment information was stolen instead of extensive personal information, including social security numbers.
  2.  Assess and improve your process. Whatever attack you’re facing, from a DDoS attack to malware, a well-defined response process is key. Once you’ve been compromised, it is essential to take an honest look at your process and identify necessary improvements to reduce your risk of a future security breach. Consider conducting tabletop exercises to workshop potential scenarios and simulate another major event.
  3.  Perform incremental backups of business information. Be sure to conduct a full, encrypted backup of your data on each computer and mobile device on a regular basis. The frequency of the backups will vary depending on the needs of your business and the criticality of the data on the system. When planning weekly or hourly backups, consider how rapidly information changes in your industry and whether your company could function if that information were lost.
  4.  Store backups in multiple locations. It is vital to store your backups in multiple locations. Whether off-premises, on-premises or in the cloud, diversify your storage solutions to reduce the risk of a universal breach. Sending tapes offsite on a regular basis can be costly. For a more budget-friendly solution, consider the cloud for regular backups and prioritize off-premises backups on a monthly or quarterly basis.
  5.  Coordinate security standards. There’s a high likelihood that T-Mobile was more vulnerable due to its mergers and acquisitions activity. In 2020, T-Mobile merged with Sprint, a fellow large-scale cell carrier. Integrating systems with different security standards can create information gaps that cybercriminals prey on. If your business is in any stage of transition, be sure to audit combined systems and standardize security barriers.

Organizations That Rush Recovery Lose

If your organization has experienced a major event like a data breach, you know that keeping your team calm is key to carrying on. When your entire environment is down, there can be immense pressure to get it up and running quickly in the face of mounting public scrutiny. This can increase the stress and uncertainty of your IT teams, which may translate to an incomplete or rushed recovery process.

In the same way that your teams communicate on a regular basis, cybercriminals tend to share information. So, there’s a high likelihood you’ll be reinfected if you don’t quickly get on the right path and fully contain the breach. While the threat of cyber-attacks is ongoing, you can reduce the risk of a repeat offense with a range of security solutions.

About the author: Tim Grelling is the Director of Innovation, Security at Core BTS. Tim is a seasoned security professional who specializes in helping mid-market and enterprise organizations implement holistic IT solutions. With over 20 years of industry experience, he has worked with numerous Fortune 500 companies to assess security risk and guard against cyberattacks. As a Director of Innovation at Core BTS, Tim helps clients develop end-to-end security solutions that minimize organizational risk.