You've Been Hacked. Now What?

5 Important Steps to Help Your Business Respond Quickly and Safely


Unfortunately, successful cyberattacks are growing far too common. A 2018 study found that nearly 70% of SMBs have experienced a cyberattack in the past year, yet an astounding 47% of respondents said they "have no understanding" of how to protect themselves in the event of an attack.

Due to the relative complexity of today's digital infrastructure, most companies are moving towards Managed Security Services for digital protection and proactive security. In fact, Silent Breach estimates that partnering with a reputable cybersecurity firm is the single most effective step you can take to mitigate digital security risks and minimize security-related costs in the long run. Remember, protection is always cheaper and more effective before an attack takes place.

However, if you believe that you've been the victim of an attack, here are five critical steps you can take after the fact to immediately reduce your risk:

1. Consult your Business Continuity Plan (BCP)

The actions taken in the first few hours following a breach will continue to have large ramifications throughout the remainder of the recovery, for better or for worse. It is therefore critical to consult your prepared BCP before doing anything else. Most likely, your situation (or one sufficiently similar) has been forecasted and a series of processes and procedures has been developed to guide you along the way.

While the average data breach costs close to $4 million, Ponemon's latest Cost of a Data Breach Study estimates that having a Business Continuity Plan will save you $365,000 on average. On a per-file basis, the savings come down to about $15 per compromised file.

Although Business Continuity Plans should be specially tailored (in consultation with your cybersecurity partner) to your organization's needs and abilities, most effective BCPs will include the following 3 sections:

Disaster Recovery: This will focus on recovering any IT resources and infrastructure that may have been compromised. Unlike natural disasters, cyberattacks are not constrained by geography, offering the attackers a distributed attack surface. DR for cyber breaches should prepare for targeted simultaneous outages.

Business Impact Analysis: Not all breaches are created equal. A good BIA will account for interdependencies to ensure that resources are being deployed effectively and efficiently.

Cyber Incident Response Plan: This will include a forensics unit composed of IT personnel (dedicated to tracking down and patching the breach), a regulatory unit of legal analysts (to identify and remediate compliance gaps), and a public relations team (to communicate with customers, the media and shareholders).

If you do not yet have a Business Continuity Plan, use this Emergency Contact Form for access to Silent Breach's Provisional Crisis Guideline for rapid triage and proceed immediately to Step 2.

If you would like help developing your Business Continuity Plan, come and talk to us. Don't wait until you've been breached.

2. Disconnect the infected device(s) from the network

Cyberattacks often operate via the snowball effect, where each breach will trigger an additional, larger attack which will in turn do the same. It is crucial, therefore, that all infected devices be disconnected from your network as soon as possible. This will not only prevent the spread of the attack, but may also assist forensics experts in tracking down the cause of the attack.

3. Contact your security partner

The importance of this step cannot be overstated. If you haven't done so yet, contact your security partner and share everything you know about the breach as well as the affected systems and devices. Most likely, the security firm will have a 24/7 Security Operations Center which will work with you in real-time to mitigate the breach.

If you do not have a security partner or are unable to reach them, note down everything you know (while the details are fresh) and immediately contact a security service provider for further directions. At Silent Breach, our security and forensics experts specialize in Incident Detection & Response and are available around the clock to assist you.

Tip: Read our post on How To Choose a Cybersecurity Firm

4. Don't delete anything

Deleting what you believe to be infected files will only make it harder for the forensics team to trace the attack and, in some cases, can even trigger a follow-up attack. In order to ensure that the attack can be fully discovered, contained and eradicated, it is vital to preserve the 'scene of the crime'.
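Step 4 in practice, as an added example that is not part of the original article: instead of deleting suspect files, record a read-only manifest of their hashes and metadata so that any later change or "clean-up" can be detected. The function names and the sample files created in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks, opening it read-only."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Record size, timestamps and SHA-256 for every file under root; nothing is changed or removed."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # stat first: reading the file may update its access time
            entry = {"size": st.st_size, "mtime": st.st_mtime, "atime": st.st_atime}  # epoch seconds
            if os.path.islink(path):
                entry["symlink_to"] = os.readlink(path)  # record the link, do not follow it
            else:
                try:
                    entry["sha256"] = sha256_file(path)
                except OSError as exc:
                    entry["error"] = str(exc)  # unreadable files are noted, not skipped
            manifest[os.path.relpath(path, root)] = entry
    return manifest

def verify_manifest(root, manifest):
    """Return {relative_path: 'missing' | 'modified'} for files that no longer match the manifest."""
    problems = {}
    for rel, entry in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.lexists(path):
            problems[rel] = "missing"
        elif "sha256" in entry and sha256_file(path) != entry["sha256"]:
            problems[rel] = "modified"
    return problems

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed stand-in "suspect" files
        for name, data in (("invoice.docm", b"constructed sample A"), ("update.exe", b"constructed sample B")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(root)
        os.remove(os.path.join(root, "update.exe"))  # a well-meaning user deletes a suspect file
        return manifest, verify_manifest(root, manifest)
```

Store the manifest somewhere other than the affected device, so the forensics team can compare against it later.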

5. Spread the word

Hackers can take advantage of your identity by pivoting to attacks against business colleagues or personal contacts. Posing as you, they will use social-hacking techniques to convince close contacts to divulge sensitive personal information. Furthermore, under GDPR, stakeholders must be notified within 72 hours of a breach.

To prevent this, immediately contact family members, friends and business associates to inform them that your account has been compromised. You can use social media or an email blast to quickly spread the word.

For further assistance or to talk with a security professional, you can contact Silent Breach from anywhere in the world, at any time of the day.


About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.