The Complete Guide to Mitigating and Managing a Cyber Attack

By Praveen Yeleswarapu
September 3, 2021

According to the Internet Crime Complaint Center's 2020 report, a massive 465,177 incidents were reported in 2020. This means there was at least one cyber attack per second that year. The real number is likely far higher once we account for the many incidents that go undetected and unreported every year.

The current digital landscape is undergoing tremendous change with the rise of cloud computing, Big Data and the Internet of Things, to name a few. The COVID-19 pandemic has accelerated digital adoption, and many firms are now transitioning rapidly, if not hurriedly, to the cloud. The situation is further complicated by the expansion of remote work. All these factors have greatly increased the attack surface of the cyber ecosystem. According to some reports, cybercrime during the pandemic was up by as much as 600%.

Bearing this context in mind, let us comprehensively address the issue of cyber attacks as well as the ways they can be mitigated and managed.

What is a cyber attack?

A cyber attack is an attack on an organization's systems or network in which the perpetrators gain unauthorized access and then attempt to alter or misuse information or other valuable assets of the organization. This can include exposing sensitive and confidential information openly on the internet, disabling systems and disrupting services, destroying data, and enabling identity theft.

Cyber attacks target not only the computer infrastructure of organizations but also the personal devices of their staff. In addition, cyber attacks can be state-sponsored or associated with groups promoting cyberterrorism or cyber espionage.

Types of cyber attacks that can happen to businesses

Having understood the meaning of a cyber attack, let us look into the major types of cyber attacks businesses encounter frequently:

  • Malware: It is software or code that is designed to interfere with a system or a network and disrupt its normal functioning. Malware consists of various types such as worms, spyware, ransomware, and viruses. Ransomware is the most commonly used malware. In ransomware, the malware encrypts sensitive information or data of an organization and makes it inaccessible to users, and demands ransom for its release.
  • Social Engineering: Here the attacker obtains confidential information by tricking users, through human interaction, into breaking security protocols. Phishing attacks are a type of social engineering attack in which deceitful emails or text messages are sent by an attacker posing as a trusted source in order to steal data such as login credentials or credit card information.

  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS): These attacks overwhelm a system or network with connection requests or messages. The system or network slows down or even crashes, and legitimate users are unable to access it.

  • Advanced Persistent Threat (APT): In an Advanced Persistent Threat, the intruders gain long-term access to the network with the aim of mining important data such as trade secrets and user/employee data, and can sabotage organizations by deleting critical databases. APTs are complex attack campaigns involving an infiltration stage, an expansion stage, and an extraction stage. Read more about APTs here.

  • Man-in-the-Middle (MitM) Attacks: Here, the cyber attackers intercept and position themselves between the user and the concerned application. They do so to either eavesdrop and gather information or impersonate the user/application to steal or manipulate data. This method is often utilized in the infiltration stage of an Advanced Persistent Threat (APT) attack.

Other cyber attacks include, but are not limited to, drive-by-download attacks, SQL injection attacks, botnets, and exploit kits.

Major cyberattacks in 2021

Cybersecurity Ventures reported a 15% year-on-year growth rate for cybercrime costs to companies, and by 2025 this is estimated to rise to $10.5 trillion annually. Below are some attacks which caused severe disruptions in 2021.

  • Microsoft Exchange Server Cyberattack in January: Cyber attackers gained full access to administrator privileges, user emails and passwords, and connected devices on the affected servers and network by exploiting some zero-day vulnerabilities.

  • Bombardier Cyberattack in February: Bombardier suffered a data breach when attackers exploited a vulnerability in a remote third-party application which was on a server isolated from Bombardier’s IT network.

  • Channel Nine Cyberattack in Australia in March: Live broadcasts, including its Sunday special broadcast, were disrupted by a cyber attack using malware that spread across devices at the TV channel's headquarters.

  • ACER Ransomware Attack in March: The attackers demanded $50 million in ransom after releasing images of confidential information, including bank balances and financial spreadsheets.

  • Japan Olympics Data Breach in July: The breach exposed personal information of ticket holders and volunteers, including usernames, passwords, and bank account details.

  • Kaseya Ransomware Attack in July: This attack caused downtime for over 1500 companies, impacting a great many managed service providers (MSPs) and their customers. Read more about REvil and Kaseya here.

Why are cyberattacks gaining so much media attention?

The above examples highlight how frequent and how severe cyberattacks have become, and media coverage is rising accordingly. Companies that fall prey to cyber attacks suffer not only damaging losses of data and money but also loss of reputation and goodwill. This matters all the more in an era of sensationalized news and fake news.

Which companies/industries are at risk of an imminent cyber attack?

Any industry or company with a notable online presence is susceptible to a cyber attack. Nonetheless, some industries are more prone to cyberattacks than others. Manufacturing, Banking, Financial Services and Insurance (BFSI), Healthcare, and Education are major industries presently facing cyber threats.

The manufacturing industry is usually an attractive target because of its large supply chains involving multiple vendors and the lure of intellectual property. Further, hostile nation-states can target the manufacturing industry, since compromising one link in the supply chain can severely impact production and cause irreparable losses.

BFSI is another lucrative prey because funds are stored and transferred digitally. The Healthcare and Education industries often have subpar and sometimes outdated IT systems and security measures, making them easy targets for data theft and identity theft.

In addition, small businesses are more vulnerable than large companies. Accenture’s Cost of Cybercrime Study states that 43% of cyberattacks are targeted towards small businesses, with only 14% of those businesses having proper cybersecurity measures in place.

What is the cybersecurity community doing to prevent cyber attacks?

Considerable research is underway and new ways and means of preventing attacks are being found daily. In addition, voluntary conventions including the Budapest Convention and Paris Call with principles such as Lifecycle Security and Cyber Hygiene help in creating comprehensive cybersecurity frameworks.

However, cybercriminals are usually up to date with emerging technologies and are often state-sponsored, with significant access to money and other resources. Moreover, human error is a major cause of cyber attacks: the use of unsecured networks such as public Wi-Fi, falling prey to phishing and vishing attacks, and so on. With such a large number of vulnerable endpoints, preventing cyberattacks becomes very difficult.

This is why most security leaders proceed with the assumption that an incident will happen, and focus on Incident Response instead.

Indeed, it is a testament to the tireless effort of the cybersecurity community that we do not have even more attacks taking place, and that usually, as long as we follow security best practices, update our software and tools on time, and avoid clicking on suspicious links, we are well-protected from cyber attacks.

What are some gaps that cybercriminals can exploit at present?

Cyber attackers are always on the lookout for easily exploitable weaknesses in systems and networks. The following are some gaps attackers exploit repeatedly:

  • Exposed ports on firewalls
  • Lack of proper control on the use of VPN
  • Irregularity in updating software/patches
  • Misuse of legitimate (white hat) security tools for malicious (black hat) purposes
  • Lack of lifecycle security in supply chains
  • User behavior that lapses from basic cybersecurity hygiene

However, each of these issues has a robust solution available today. An XDR platform can help protect endpoints, as well as predict which endpoints are most at risk. User behavior can be studied and anomalies identified by the use of UEBA. Active Threat Hunting, powered by AI, can also help detect suspicious behaviors within a network well in advance.
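To make the UEBA idea above concrete, here is a small added example (not BluSapphire's code or any product's logic) that learns a per-user baseline of login hour, source country and upload volume from constructed sample events, then flags new events that deviate from it. The event fields, user names and thresholds are all assumptions made for this illustration.

```python
"""Minimal UEBA-style baseline check over constructed login events."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, hour_of_day, country, bytes_uploaded)
BASELINE_EVENTS = [
    ("alice", 9, "IN", 2_000), ("alice", 10, "IN", 1_500), ("alice", 11, "IN", 3_000),
    ("alice", 14, "IN", 2_500), ("alice", 16, "IN", 1_800),
    ("bob", 8, "US", 500), ("bob", 9, "US", 700), ("bob", 13, "US", 650), ("bob", 17, "US", 800),
]


def build_baseline(events):
    """Per-user profile: seen countries plus mean/stdev of login hour and upload size."""
    per_user = defaultdict(lambda: {"hours": [], "countries": set(), "bytes": []})
    for user, hour, country, nbytes in events:
        p = per_user[user]
        p["hours"].append(hour)
        p["countries"].add(country)
        p["bytes"].append(nbytes)
    return {
        u: {"hour_mean": mean(p["hours"]), "hour_sd": pstdev(p["hours"]),
            "countries": p["countries"],
            "bytes_mean": mean(p["bytes"]), "bytes_sd": pstdev(p["bytes"])}
        for u, p in per_user.items()
    }


def score_event(baseline, event, z_limit=2.5):
    """Return the list of anomaly reasons for one event; an empty list means normal."""
    user, hour, country, nbytes = event
    prof = baseline.get(user)
    if prof is None:
        return ["unknown user"]          # no baseline at all is itself worth a look
    reasons = []
    if country not in prof["countries"]:
        reasons.append(f"new country {country}")
    hour_sd = prof["hour_sd"] or 1.0     # avoid division by zero for constant baselines
    if abs(hour - prof["hour_mean"]) / hour_sd > z_limit:
        reasons.append(f"unusual hour {hour}")
    bytes_sd = prof["bytes_sd"] or 1.0
    if (nbytes - prof["bytes_mean"]) / bytes_sd > z_limit:   # only large uploads matter
        reasons.append(f"upload volume {nbytes} far above baseline")
    return reasons


if __name__ == "__main__":
    profile = build_baseline(BASELINE_EVENTS)
    # Constructed suspicious event: off-hours login from a new country with a large upload.
    print(score_event(profile, ("alice", 3, "RU", 50_000)))
```

In a real deployment the baseline would be rebuilt continuously from an identity provider's logs and combined with other signals before raising an alert.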

What do businesses need to understand about cyberattacks today?

The attack landscape is evolving at an unprecedented scale. Zero-day exploits are becoming common, and cybercriminals are developing increasingly sophisticated attacks. The Webroot Threat Report 2020 highlighted that as much as 93.6% of malware was polymorphic in 2019, meaning the malware continuously changes its code to evade signature-based detection.

Attackers are not only deploying malware for quick money but are also being hired by hostile parties to destroy businesses in terms of manipulation of data, loss of reputation, and creation of general havoc and panic.


How to successfully manage a cyberattack

Having seen numerous vulnerabilities and multiple reasons why a company or industry faces cyberattacks, let us briefly cover the prerequisites for managing a cyberattack effectively. The key is a rigorous Incident Response Plan (IRP) focusing on:

  • Preparation: Processes are in place to preempt any attack.
  • Detection and Analysis: Ascertaining the nature and causes of the attack and the extent of the damage.
  • Containment and Eradication: Isolating and eliminating the attack to avoid escalation of losses.
  • Post-Incident Recovery: Updating the security regime with lessons learned from the attack and enhancing risk assessment procedures.

Suggested Reading: The complete guide to Incident Response

Can we prevent a cyber attack from ever happening?

Prevention of a cyber attack is possible when all three pillars of cybersecurity (people, processes, and technology) are strengthened simultaneously. Prevention is also necessary because the cost of data breaches has become unacceptable. IBM's Cost of a Data Breach Report 2021 puts the average cost at $4.24 million for 2021, the highest to date.

  • People: Security awareness programs and training must be conducted regularly so that users understand the risk of cyberattacks and their role in prevention. Further, specialized cybersecurity personnel can be employed depending on the needs of the organization.
  • Processes: Defined processes enable the implementation of cybersecurity measures. For instance, deploying Red Teams to check for weaknesses in the network and Blue Teams to mitigate those weaknesses.
  • Technology: Using available technologies such as EDR and XDR for threat hunting and for securing endpoints quickly and automatically.

Preventive solutions have to be scalable and capable of integrating with multiple systems and platforms. For example, with BluSapphire Elite, enterprises can proactively identify cyberattacks before they occur with the help of advanced Machine Learning (ML) tools and cyber analytics. It provides complete visibility of endpoints, employs behavior-driven threat detection, and enables automated response to threats and their remediation.

Robust cybersecurity regimes thus increase the resilience of organizations and prevent the undue transfer of economic wealth to perpetrators, while protecting the enterprise's valuable data as well as its reputation.