The US Center for International and Strategic Studies reported a few weeks ago that losses from incidents related to cybercrime exceeded 945 billion dollars in 2020 only in that country, almost double than in 2018. Yes to these figures we add the losses caused by reputational damage, the losses due to a computer crisis can well exceed two trillion dollars. In Spain, according to the Department of Telematic Crimes of the Central Operative Unit of the Civil Guard, in the last four years, cybercrime has grown 135%.
When an incident occurs that affects the technical infrastructures, the most advisable thing, according to the experts, is to remain calm and continue with the business continuity plan, if it exists, since the action protocol will be defined in that plan. . According to Soler GDI, a cabinet dedicated to IT crisis management, if there is no continuity plan, strategic decisions must be made during the crisis process, so it is essential to have professionals prepared to resolve each situation.
“In a computer crisis many times the papers are lost and actions are taken hastily, which not only causes the consequences to worsen but the final results are not as desired”, says José María Soler, CEO of Soler GDI. “For this reason, in the face of any incident, no matter how small, that may induce a disruption in the organization’s technological systems, we must act with a cool head and surround ourselves with experts who have the experience and the necessary capacity to solve it, causing the less impact on the business ”. In this sense, the firm has compiled the biggest mistakes made after suffering a computer crisis.
Do not erase the evidence
“You should never restore a backup without having saved all the evidence of the crisis,” recalls Soler. And it is that these pieces can help to better understand the type of attack that has been suffered and, in this way, be better prepared in the future to avoid its effects. Also, you should not forget the basic information about the incident or not maintain the chain of custody. This is necessary so that the competent authorities can find the culprits and bring them to justice, it is necessary to extract all the evidence according to the forensic procedure.
To think that it will not happen to you again
According to a study by CrowdStrike, seven out of ten companies that experience an intrusion suffer an attack again, so it is essential to analyze whether there are variables, technical or human, that can cause the incident to be repeated. Furthermore, it is important that once restored, the system is quarantined for a period of time to prevent hidden threats from going unnoticed.
Not being aware of your situation
In many cases, the lack of control over the technological infrastructures of the company is such that months pass before the attack is discovered, which later makes it difficult to resolve and recover the assets.
Format to delete
Formatting the systems will not only make us lose the stored information, in many cases sensitive or essential for business activity, but the evidence of the attack will also be erased and protection will not be able to be improved, nor the response to possible new attacks, but neither will nothing can be claimed by erasing all evidence of the attack.
Sometimes, due to ignorance of the established plans, the protocols are not followed and fatal mistakes are made for the continuity of the business. In this case, having certifications such as ISO 22301 can help resolve these conflicts.
Failure to inform users of the gap
Failure to inform affected users of a security breach or cyber attack. In the event of an attack in which personal information of customers or users is exposed, the affected company has the obligation to immediately inform those affected so that they can take their own measures (such as modifying the password to access the affected services) and limit damages.
Thinking they can solve it on their own
Perhaps the most serious mistake: thinking that it can be solved without the help of professionals. Large companies have teams dedicated to business continuity and security, but most small and medium-sized companies cannot count on these internal resources. In that case, in the face of any IT crisis, it is important to have trusted partners who can help solve the problem with the least possible impact on the business.