What to do in a cyberattack? Business alertness and best practices are the best response

Cyberattacks are a steadily growing type of crime, with alarmingly rising figures in recent years. The only effective antidote is for companies to arm themselves with a comprehensively managed cybersecurity strategy.

In the critical phase of the fight against the pandemic, in spring 2020 there was a wave of extortion targeting basic health infrastructures. Subsequent cyberattacks took down the systems of several Spanish city councils and even dared to attack the Court of Auditors and the National Security Council. The UK had to reschedule more than a thousand surgical operations due to the WannaCry malware attacks. Computer company Acer had its files encrypted and was held for a record $50 million ransom.

These are just some of the most notorious cyberbreaches that have occurred in recent years. According to IBM, since March 2020, cases of phishing and ransomware have soared by 6,000% worldwide. Spanish companies suffered 40,000 attacks per day in 2021 (+125%), and the Allianz barometer places them as the number one threat to the private sector in 2022, while Latin America is estimated to suffer 137 billion attempted attacks between mid-2021 and 2022, with Brazil, Mexico and Colombia leading the way, and with twice as many ransomware cases. The Business, Security and Company Foundation warns of the Big One: the threat of massive aggression by unscrupulous governments capable of collapsing entire countries.

Those who have not been attacked will be attacked

This proliferation of cybercrises in the last two years requires a reaction, i.e. management, that is commensurate with their destructive potential, says Jorge Hurtado, Senior VP EMEA at Cipher, Prosegur's specialized cybersecurity unit. He therefore shares the maxim that "there are only two kinds of companies, those that have already suffered a security breach and those that will suffer one in the future".

"The trend of increasing attacks and their severity will not change in the short term", he says, reflecting on the digital transition precipitated by the pandemic, in which a year and a half has brought progress that would otherwise have taken seven. According to Hurtado, we are facing an unprecedented risk "in terms of loss of reputation, loss of customers, financial loss or fraud, the destruction of vital information with no option to recover it, the publication of sensitive data or fines for non-compliance with regulations".

People, the first line of defence

What cracks do cybermafias exploit to perpetrate their harmful actions? For example, native cloud services, the proliferation of insecure IoT devices, and operational technologies in poorly secured infrastructures and industries. But above all, Hurtado stresses human vulnerability: the business culture, and especially management, is not aware of the real extent of the threat.

Therefore, good prevention necessarily starts from this degree of awareness and alertness. In this case, an important advantage is available: other processes of technological change often meet with resistance, but the importance of cybersecurity for digitized businesses is so obvious that hardly anyone questions it. The first best practice recommendation would be to involve the workforce and to translate this culture into an efficient management strategy.

Prevention is key to avoiding reactive measures

"Management capacities and structures cannot be improvised, it is essential to develop them in advance", warns the National Cryptologic Centre (CCN-CERT), which recommends a comprehensive strategy based on business values; proactive leadership; crisis and coordination committees; diagnostics and scenario definition; armor-plans, protocols and systems; unified, transparent, empathetic and accountable communication; constant updating and testing; and capacity to apply lessons learned.

However, according to the CCN, too many companies still view cybersecurity as an expense rather than an investment with a guaranteed return. "Given the increasing frequency of cyber attacks and their significant impact on the services, information, and reputation of organizations, there should be no hesitation in implementing proper cybersecurity measures," states the CCN. The Centre for Industrial Cybersecurity adds, "Outsourcing the service can result in substantial savings in fixed costs for hiring highly qualified staff."

However, not just any outsourcing will suffice: it must be outsourcing to certified technology partners capable of providing end-to-end management, including managed detection and response, security services, cyber intelligence, technology integration, risk management, compliance, and 24-hour operational centers. Experience in diverse markets contributes to continuous updating and the ability to adapt on a case-by-case basis.

Training in simulated scenarios

If management aims to be preventative, mock attacks are a necessary tool for diagnosing weaknesses and identifying customized solutions. This can also be considered a value-added service from reputable providers. Companies can use a reference model such as the Cyber Crisis Management exercises organized by ISMS Forum and the Department of National Security (Presidency of the Spanish Government) in collaboration with organizations like Prosegur. Such exercises confirm the public and strategic interest in private cybersecurity.

Participating companies and institutions are subjected to fictitious but realistic attacks and, based on their decisions to minimise impacts, parameterised categories are applied that assess their maturity in detection and management, procedures, internal and external communication with authorities and stakeholders, etc., to finally define the practices that improve resilience and management capacity in each case.