At night and during weekends, the risk of cyberattacks is highest. Bertram Dunskus explains what businesses should do after an attack and outlines preventative measures.
Mr. Dunskus, how often do SMEs contact you due to the aftermath of a serious cyber-attack?
The number of requests for assistance rises steadily. Just five years ago it was rare for this topic to come up, since the costs of an attack on an SME outweighed the benefits significantly and hence it was neither economically interesting nor viable. In the meantime, the requests have increased tenfold. The hacker industry is so professionalized and industrialized that attacks on SMEs get cheaper to the point of making them very profitable.
How are such attacks structured and what issues do clients face after an attack?
Usually, it’s been months since the actual attack. The attackers first gather information about the systems and download the data. On day X, a few employees will notice strange behavior on their computers. The issues caused by the attack often spread to other computers. As soon as IT goes down, the realization sets in that it’s one of the most important areas of a business because barely any business activities can be maintained.
Are you the knight in shining armor? How do you help?
Luckily attacks aren’t conducted within seconds. In the execution, it takes a moment for the devices to be compromised. The earlier we are informed, the faster and better we can assist to stop the attack and minimize damages. If we manage to isolate the devices – especially the backups – in time, we can reduce the extent of the damage. We work closely with the affected business to set up an emergency operation and environment. Furthermore, we determine a plan of action to restore the highest priority systems.
Reacting with technology is not always sufficient, correct?
That’s right. It’s even more important to think about how to communicate the attack to business partners and what legal steps should be taken. We have the appropriate staff to ensure that the reputation of the company isn’t impacted, and no clients are lost. It’s crucial to communicate honestly and in a structured way instead of in an unorganized manner.
“TRAINING SIGNIFICANTLY DECREASES THE PROBABILITY OF SUCCESSFUL CYBERATTACKS”
So preventative measures are the nuts and bolts. How do security assessments help SMEs with this?
We pursue a holistic approach and consider all factors and needs of the business. We analyze which protective measures were already taken and compare them to a catalog of measures in the form of a gap analysis, helping to set up a personalized security plan for the next two to three years. Important precautions include, for example, multifactor authentication and 24/7 monitoring of all security activities to properly react to suspicious events.
You recommend Security Awareness trainings to SMEs. How do they work?
We offer training for users through regularly sending prepared, simulated attack emails. If you click on a malicious link or file attachment, you will be informed that this was training only, but that it could have resulted in serious consequences if it was real. Simultaneously, users are informed about the specific suspicious parts in the email. This way they learn the common strategies the attackers use, to be better protected in the future. Through training, we can decrease the chances of phishing to 25%.
Is there any chance of catching and prosecuting the perpetrators?
We are dealing with professionally organized cybercriminals who utilize international black markets to organize themselves. This is the main aspect that makes it so incredibly hard to track these criminals and find where the attacks are coming from. A major shortcoming is that the structures of authorities and law enforcement, worldwide and across regions within a country, are fragmented.
How do you see the future?
There is still a lot of catching up to do, so I fear that we will be facing even more difficult times in the future. Particularly in Switzerland, SMEs have very little experience with risk management, given the traditionally high degree of protection against dangers. What I see as a positive is that communication on this subject between owners, management, service providers, and authorities is improving all the time, even among SMEs. That means we are on the right track.