The scary thing is that many attacks on companies remain undetected for days, if not weeks. During this time, hackers can access company data unnoticed, sell data on to criminals or even infect other systems. So the earlier an attack is discovered, the better. There are several signs of a successful attack. Access to data or systems might no longer be possible. Systems may not be as responsive. A password might no longer work and can no longer be reset. In all these scenarios, company managers should be on the alert and contact an IT security expert.
The first priority is to stay calm and not take any rash action. It is important, for example, not to shut down IT systems under any circumstances as this can lead to major damage to data and systems. If the company does not employ IT security specialists or they are not available, it is advisable to call in an external professional to support you in the crisis and take the pressure off you. These experts are prepared for such incidents and regularly train for possible attack scenarios.
Exactly. The Rapid Response Team is part of the Cyber Security Incident Response Team at Swisscom. It is on call 24/7. In an emergency, the experts start by analysing the type of attack before deciding on the appropriate course of action. This includes analysing the affected systems and software, restoring any backup files and securing evidence. The case must be reported to the law enforcement authorities subsequently and charges filed. Finally, the experts prepare a report and recommend further measures to prevent possible follow-up attacks.
The team handles several jobs every week. At the moment, it mainly deals with ransomware attacks, but groups of hackers also sometimes attack specific companies. The size of the company doesn’t matter. Any company in any industry can be affected. SMEs in particular are popular targets because they often have IT security vulnerabilities. Especially in smaller companies, it is often just the boss or an employee that deals with the IT. So our team can make a huge difference here.
I can’t name names, of course. But we once had a hospital attack that lasted several weeks. It started because e-mails from a doctor were diverted by an undetected Trojan. This was followed by a targeted attack using highly professional phishing, which spread malware throughout the system. Each time an attempt was made to reactivate the Internet, several hundred computers were infected within seconds. It required a huge effort to restore the system.
The bottom line is that there is never a 100% guarantee, no matter how well you protect yourself. But of course companies can reduce their chances of falling victim to an attack. Professional data backups are crucial, as is protecting e-mails, the Internet and the network. However, it is almost more important to make employees aware of the dangers from the Internet. If they are attentive and able to recognise phishing, they will essentially serve as a human firewall.
Of course, technical protective measures are very important. But it just takes a single employee to click on a phishing e-mail to open the door for hackers to enter the company – however sophisticated the protection measures. Raising awareness among employees is therefore crucial. In addition, it is important to consult with the management and define crisis communication. What are the most important points? Who needs to be informed?
Security involves more than IT; it is also about a well-organised senior management. As well as raising awareness at the employee level, it is also important to address the issue at management level. This includes critically examining: “To what extent are we protected against cyberattacks?”