So, it’s finally happened, the inevitable disaster you’ve been dreading since the day you opted for cloud computing for your organization – your cloud network is being hacked, and there’s currently an intruder in your system trying to gain access to your valuable data.
First things first – don’t panic. This is a stressful situation, but there is an order of processes you should follow to ensure your data stays as secure as possible and you remove the hacking threat from your system as quickly as possible – and in the modern connected world, knowing how to handle these attacks may become increasingly vital for business owners and private citizens alike.
Shut Down Affected Systems
When you realize a hacker has gained access to your network or cloud, it’s imperative that you shut down the systems they have access to – leaving systems operational may give them more time and access to further penetrate your organization and networks. Shutting down affected computers and networks will limit the scope of the hack and buy you time to react.
Secure the Evidence
If you’re pretty sure your cloud has been hacked, then you’re going to want to have an Incident Response team come in to be sure that the hack did in fact occur. For them to do their jobs correctly, it’s important that you take the proper steps to ensure that the evidence of this hack is easily accessible for them to track down how the attack occurred.
Log files in your system should be encrypted to protect against savvy hackers trying to cover their tracks, and system logs should be pulled for evidence review as well. It’s good practice to back up these logs for about six months so you can look back and investigate potential hacks – which is especially important if the hack went unnoticed for an extended period.
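One way to make pulled logs tamper-evident before handing them to responders, shown as an added example that is not part of the original article: it does not encrypt anything, it records a SHA-256 digest per file and seals the list with an HMAC so later edits, deletions or planted files show up. The function names, the key and the sample log lines are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _seal(files, key):
    # HMAC over canonical JSON so the manifest itself cannot be silently edited.
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def _listing(root):
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())

def build_manifest(log_dir, key):
    root = Path(log_dir)
    files = {name: _sha256(root / name) for name in _listing(root)}
    return {"files": files, "seal": _seal(files, key)}

def verify_manifest(log_dir, manifest, key):
    """Return a list of problems; an empty list means the evidence is unchanged."""
    if not hmac.compare_digest(_seal(manifest["files"], key), manifest["seal"]):
        return ["manifest seal invalid"]
    root = Path(log_dir)
    problems = []
    for name, digest in manifest["files"].items():
        if not (root / name).is_file():
            problems.append(f"missing: {name}")
        elif _sha256(root / name) != digest:
            problems.append(f"modified: {name}")
    extra = set(_listing(root)) - set(manifest["files"])
    return problems + [f"unexpected: {n}" for n in sorted(extra)]

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is kept off the affected system
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "auth.log").write_text("constructed: login ok user=alice\n")
        (Path(d) / "api.log").write_text("constructed: GET /health 200\n")
        manifest = build_manifest(d, key)
        clean = verify_manifest(d, manifest, key)
        (Path(d) / "auth.log").write_text("constructed: (entries removed)\n")
        return clean, verify_manifest(d, manifest, key)
```

Store the manifest and the key somewhere other than the directory being sealed, otherwise anyone who can alter the logs can also rebuild the manifest.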
Contact Your Provider
A hack into a public cloud service like AWS isn’t just your problem – it’s a major problem for the cloud service provider too. Once you’ve done what you can to limit the attack and have secured as much evidence of it as you can, it’s time to swiftly contact your cloud services provider and update them on the attack. It’s likely they will have an IR team ready to tackle the issue and help you resolve the aftereffects of the attack, and the sooner you get them on the line, the sooner they can help you figure out what happened and get your network security perimeters back up to speed.
Contact Your Customers
Although a hack may seem like a business-only problem, with the sharing of sensitive data across organizations, it’s your customers’ problem too. If you think sensitive data from your customers, like credit card and social security numbers, has been breached, it’s your responsibility to let those customers know what happened and that their information may be compromised. It may not be ideal, but it’s a lot easier to let them know ahead of time than to try and explain it later while looking like you’re trying to cover something up.
Plan for A Future Attack
If you lived through this hack, just know, the war isn’t over yet – someone is going to try it again. It’s imperative that you learn from the hack that just happened and are prepared for the next one. There’s no better way to make the most of this information than by partnering with an IT consultancy to help you create a future cyber-attack reaction plan and walk you through the necessary steps to improve your organization’s cybersecurity.