Cybersecurity Guide

How to respond to cyber hacks and security breaches

Written by Sam AbdulLast updated:
In this guide

The internet hasn’t just made the world a small village, but it has also opened us up to challenges that have never been faced before.

Cybersecurity is the most concerning matter as cyber threats and attacks are becoming more and more common.  

Today, attackers are using very sophisticated and innovative techniques to target computer systems. And their targets aren’t just government sites or large companies. Many individuals and small businesses find themselves under attack.

To make things even more complicated, keeping pace with cybersecurity issues and best practices can be a challenge.

Nevertheless, the cybersecurity threats that made headlines recently include: massive data heists, social media breaches of several public figures, and universities hit by ransomware attacks.

Celebrity Twitter accounts, technology leaders, and politicians were compromised, leading to unintended and inappropriate usage of their accounts.

Bad actors can create fake websites to steal personal sensitive information or lure people into clicking or downloading malicious files, while harvesting their personal identifiable information (PII) or financial data without permission. 

Related resources

Signs of a cyber incident: How to know if you have been hacked or phished

Put broadly, a cybersecurity incident is any  event that leads to the exposure of sensitive data. According to the 2016 Cisco midyear report, the average time for a business to discover security threats takes 100 to 200 days. For individuals, it can sometimes take longer. 

In best case scenarios, victims of cybersecurity attacks react fast to secure accounts. That’s why understanding (and taking action) on the first signs of cyber incidents is a good way to protect personal data and other critical information.  

The following are the most common signs of cyber incidents and should act as red flags

  • Files modification: If you recognize any changes in your important files such as: remove, replace or alter, which could indicate that there is a cybercriminal who has been gaining unauthorized access to your system without your knowledge. 
  • Slow network or internet connection: If you notice that your device performance is slower than usual, it could be an indication of hacking attempts against your computer system, which could lead to a spike in the network traffic. 
  • Phishing emails: Phishing attacks happen when threat agents are performing fraudulent attempts to steal sensitive information. They deploy botnets to send emails or post malicious URLs on social media. Then when you click an infected link, the bot collects sensitive information about you without your knowledge. This identifying information allows a cyber criminal to impersonate you and then use your identity to access sensitive accounts (like banking info and personal contacts).
    • Phishing attacks continue to be one of the biggest digital threats. Suspicious emails are one of the most common techniques that are used to compromise individual and business security. These types of phishing attacks are usually associated with brands that people trust or know especially those who are involved with payment refunds. They may look just like the usual email but they can be detected by checking the email address, reviewing the spelling and grammar of the word, and making sure the email just generally looks legitimate.
Learn more about phishing
  • Device tampering. If you notice that your device suddenly turned off then came back to normal, it could indicate an attempt of unauthorized access. If you suspect that your device has been compromised for any reason, then have it checked out before accessing sensitive information. 
  • Unusual activity: If you see strange password-related activity related to your password, like receiving a strange request link to reset your password, that’s an obvious sign that you are a victim of a cyberattack. The best way to handle this issue by changing your password immediately using a mix of uppercase, lowercase letters, and numbers (or consider using a trusted password manager). 
  • Login failure attempts: If you are unable to log in as normal to your account that could be a red flag of being compromised. If this happens, try resetting your password and logging back in. If that fails, be sure to contact the service you are trying to log into and alert them to the fact that your account might be compromised.
  • Ransomware attacks: This is a type of malware (or damaging piece of software), which can take control of a system or data, or generally infect a computer and affect performance. In a ransomware attack, a hacker will encrypt your sensitive data documents, spreadsheets, or other files stored on the system with a key known only to the malware author. Once encrypted, you will not be able to gain access to their files.
    • You might also  receive threatening pop-up messages warning that the files will be permanently deleted unless a ransom is paid within a specific timeframe. You will then be  forced to pay a ransom in exchange to regain access to your files. WannaCry is one example of a high-profile ransomware attack that affected more than 200,000 computers worldwide with an estimated cost of hundreds of millions of dollars. 
  • DoS (Denial of Service) attack is an attempt to overwhelm the computer systems or server by flooding network traffic with a high frequency of HTTP requests, which slows down the server’s performance and subsequently crashes it. Then the targeted server is unable to respond to authorized traffic. A DoS attack is resource consumption, which has the goal of disrupting legitimate activity on a victimized computer.
    • There are two forms of denial of service: Attacks exploiting a vulnerability in hardware or software. This exploitation of weakness or standard feature of software intends to cause a system to linger, freeze, and devour all system resources. The end result is that the victimized computer is unable to process any tasks. The second kind of DoS attack floods the victim’s communication traffic with garbage network traffic.
    • The end result is that the targeted computer is unable to send or receive communications over the network, which causes the system to be denied from performing normal services. The primary intention for launching DoS attack is to prevent legitimate activity on a victimized system by exhausting CPU and memory of the system, and subsequently the service becomes unavailable. This could lead to ,for example, to a money loss on e-commerce sites or delays on students’ class registration.    

Action plan for the critical first hours

In the digital landscape, a cyber breach is akin to a storm – unexpected, disruptive, and potentially devastating. However, the actions taken in the immediate aftermath can significantly influence the extent of the damage.

The initial hours after detecting a breach are pivotal. A swift, organized response can mitigate damage, protect stakeholders, and set the stage for recovery.

Harness the power of cutting-edge threat detection tools to spot any out-of-the-ordinary activities. Before hitting the panic button, double-check to confirm the breach.

Once verified, swiftly unplug compromised systems from the network, halting the malicious software in its tracks.

And remember, safeguarding your untouched critical data by backing it up to secure havens is a non-negotiable step. Stay vigilant and proactive!

The immediate steps post-breach lay the foundation for long-term recovery and resilience. By acting swiftly and strategically, organizations can navigate the stormy waters of a cyber breach and emerge stronger on the other side.

Five steps for better cybersecurity practices

Individuals are susceptible to cyberattacks in their everyday digital activities.

The following items are necessary steps that should be taken to prevent cyber threats: 

Step 1: Perform periodic software patches and updates 

Patching refers to fixing vulnerabilities or correcting computer bugs in the software. Even though vendors frequently write code fixes and release patches, these patches are useful only if they are applied. Many security incidents occur simply because patches were not implemented.

For example, the attack on Equifax in May 2017 exploited a vulnerability in an Apache Struts web application that could have been patched back in March. It’s recommended to keep software up to date and install all recommended updates. 

Step 2: Safe browsing

Safe browsing refers to using best practices when surfing the internet; some websites use deprecated cryptography with weak ciphers or invalid certificates that are easy to crack, which allow the cybercriminals to obtain the transmitted data in clear text.  

It is important to note that data entered in websites could be intercepted by criminals, especially when entering passwords or making online payments. One of the best practices to enjoy safe browsing is to use a browser extension called “HTTPS Everywhere”.

This will help enforce data encryption at motion. The page won’t render if the website supports deprecated or expired SSL or TLS.

Another best practice is to block web ads by installing Ad blocker extensions in the browser you are using such as AdBlock for Google users or AdblockPlus for all internet browsers.

These web ads collect browser cookies and session information to provide targeted marketing campaigns. Adding this extension will stop ads from collecting your information.  

Learn more about internet safety resources

Step 3: Protect your data 

Cyber attacks happen to people every day in the digital world. And sometimes cyber attacks start with a physical security issue.

If a laptop is stolen or lost, then personal information or financial records can be accessed even with password protection.

Files can be copied off the laptop or mobile phone. It’s recommended in this case to make regular backups of all important files and  keep them on dedicated servers that are isolated from the network segments used for day-to-day operations.

Encrypt all sensitive information using software tools and use two-factor authentication to decrease the chance of a hacker gaining unauthorized access to devices.

Step 4: Use strong passwords

Passwords are used to access computers or systems and they are the weakest form of authentication for many reasons:

  • Users tend to choose easy passwords to remember them and therefore easy to guess or crack.
  • Attackers discover weak passwords through many ways including brute force attacks, sniffing networks, and stealing databases that contain user information. 
  • Passwords are sometimes transmitted in clear text or with easily broken encryption protocols. Attackers can capture these passwords with network sniffers. 
  • Hackers can discover weak passwords using a password guessing mechanism 

It is important to use a strong password consisting of at least eight hard-to-guess letters, numbers, and special characters and secure one by setting up multi-factor authentication. 

Be sure to reset all default passwords with stronger ones that are unique and meet strict password policy requirements.

Set a unique password across websites, email accounts, and systems that you use.

It’s advised to reset all passwords at least twice a year, or even better, every two to three months.

Step 5: Install anti-malware and antivirus 

Anti-malware is a piece of software designed to scan, detect and delete viruses or signs of hidden malware. There is a type of malware called trojan horse, which uses social engineering tactics to trick the victims into installing it without their intent.

The trick is to make the victims believe that the only thing they have downloaded or obtained is the intended file, when in fact it has a malicious hidden payload. 

Protecting your computers with appropriate anti-malware software is an important aspect of securing computers.

Attackers regularly release new malware and often modify existing malware to prevent detection by anti-malware software.

They normally develop new and modified malware or viruses to evade vendors’ anti-malware protection so they can steal sensitive data or collect financial data.

Therefore, it’s recommended to install antivirus software, which provides runtime protection and coverage against viruses, adware/spyware, and other malicious software.

It also provides the ability to detect and block incoming threats across diverse data streams: email, web traffic, network traffic, file storage, and web portals.

The antivirus or anti-malware should be able to check files both in real-time and automatically re-scanning files when signature-based rules are updated in the vendor database to detect previously unknown threats. 

Advanced threat detection tools

Threat detection tools play a pivotal role in identifying and mitigating cyber threats.

Here are some of the top tools used by professionals and organizations to detect and respond to advanced cyber threats:

  1. CrowdStrike Falcon: This cloud-native endpoint protection platform offers threat detection, incident response, and forensics. It uses AI to detect known and unknown threats in real-time.
  2. FireEye Helix: A security operations platform that integrates with endpoint, network, and email security. It provides advanced threat intelligence and automates threat detection and response.
  3. Darktrace: Utilizes machine learning and AI algorithms to detect, respond to, and mitigate cyber threats in real-time. It offers an enterprise immune system that identifies unusual behavior within a network.
  4. Palo Alto Networks Cortex XDR: An extended detection and response platform that integrates with Palo Alto’s suite of security tools. It offers behavioral analytics, threat intelligence, and automated response capabilities.
  5. Symantec Endpoint Protection: Combines traditional signature-based protection with advanced machine learning algorithms to detect and block threats at the endpoint.
  6. McAfee Advanced Threat Defense: Offers a combination of sandboxing, emulation, and heuristic analysis to detect zero-day threats, targeted attacks, and ransomware.
  7. Check Point SandBlast: Provides threat extraction and emulation techniques to detect and block unknown malware, zero-day threats, and targeted attacks.
  8. Cisco Advanced Malware Protection (AMP) for Endpoints: Uses global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches.
  9. Fortinet FortiSandbox: Uses a combination of AI, behavior-based detection, and static analysis to identify and verify threats in various environments.
  10. CylancePROTECT: An AI-driven endpoint protection platform that predicts and blocks advanced threats before they can execute.

When considering any advanced threat detection tool, it’s essential to evaluate its compatibility with your existing infrastructure, scalability, ease of use, and cost.

Additionally, regular updates and training are crucial to ensure that the tool remains effective against evolving cyber threats.

Be proactive in your cybersecurity

In short, as the internet continues to grow, the number of attacks are increasing in the digital world. The prevention of cyber attacks starts with a proactive approach.

The early detection of security red flags will help mitigating the damage and preventing any further attacks. It will also help protect personal information and privacy against threat agents.

Be mindful to use the above steps to minimize the likelihood of cyber attacks when surfing the internet.

Frequently asked questions

What is a cyber hack or security breach?

A cyber hack or security breach refers to any unauthorized access, use, disclosure, alteration, or destruction of data. This can be the result of malicious intent, such as hackers trying to steal information, or unintentional actions, like an employee mistakenly sharing sensitive data.

How can I tell if I’ve been hacked or breached?

Common signs include: unexpected system behavior or crashes, unauthorized account activity or unfamiliar accounts, ransom messages on your screen, slow system performance and unexpected software installations.

What immediate steps should I take after discovering a breach?

Isolate the affected systems: Disconnect them from the network to prevent further damage.
Change all passwords: Especially for critical accounts and systems.
Document everything: Take screenshots, note down unusual activities, and gather all evidence.
Contact IT professionals: They can help assess the damage and guide the recovery process.

How can I prevent future cyber hacks and breaches?

Regularly update software and systems: This patches vulnerabilities.
Educate employees: Ensure they know about phishing scams and safe online practices.
Implement multi-factor authentication: This adds an extra layer of security.
Regularly backup data: Store backups in a secure, offsite location.

Are there any tools to help detect breaches?

Yes, there are intrusion detection systems (IDS), security information and event management (SIEM) solutions, and endpoint detection and response (EDR) tools that can help identify and respond to suspicious activities.

What are the potential consequences of a cyber hack or breach?

Consequences can include financial losses, damage to reputation, legal repercussions, and loss of customer trust.