Cyber threats are difficult to spot, and attackers can descend suddenly and viciously. A short study of the evolution of cyber extortion shows just how serious the risk is and how wide the attack surface has become, leaving businesses of all shapes and sizes exposed. Now’s the time to plot an escape route if you get caught in a cyber criminal’s web.
Are you one of the 28% of small businesses with a cybersecurity incident response plan in place? Great! Now, who’s on board to help you activate it and, most importantly, guide you through the steps to recovery?
Small business owners are used to juggling dozens of duties, but when it comes to dealing with a cyber incident, even the most seasoned multitaskers are quickly pushed beyond their limits. After all, you need to know:
- How to react in the heat of the moment
- How to navigate the next sequence of actions
- Who to call on to help limit damage, and
- What protocol to follow for a successful cyber claim.
That’s a lot to manage in the short time you have before the fallout escalates. What you need is a team of specialists, which is why the incident response panel provided by your cyber insurance carrier is such a precious resource.
Depending on the nature of the incident and the severity of the data breach, you may need a few sets of helping hands or an entire suite of specialists. Here are six of the most useful allies you’ll find as you respond, report, and recover from a cyber incident.
1. Legal counsel
Your cyber incident response lead
When you’re hit with a ransomware attack, discover a business email compromise (BEC), or face another cyber emergency, the first step is to call on an incident response coordinator — your legal specialist(s).
Think of your legal counsel as the quarterback for your incident response: they’ll choose and coordinate the right team members to handle your specific situation. You’ll want to work with a legal team that has experience dealing with a wide range of cyber events, since that means they’ll likely have a wide network of trusted service providers to draw from.
Cyber events (hopefully) don’t happen to you every day, so it’s natural to have questions about how to proceed. Your legal experts will help you navigate through the many legal elements that will arise, plus they can instruct you on when to notify your bank, the FBI, and any other institution that may need to be alerted.
2. Ransomware negotiator
Your de-escalation partner
If you’ve been attacked with ransomware, a ransomware negotiator is the first specialist your legal team will engage, since there’s a lot on the line and time is of the essence.
Your ransomware negotiator will reach out to the threat actor in an attempt to extend the deadline and reduce the ransom demand. There’s a good chance the negotiator will have some knowledge of the specific threat actor you’re dealing with, and that intelligence is invaluable: understanding the enemy can help you weigh reasonable options to make the best decision on how to proceed.
According to a 2021 Varonis report, the average ransom fee requested increased from $5,000 in 2018 to around $200,000 in 2020. How much could you afford to pay without bankrupting your business? Sound security measures and tailored insurance coverage can help avoid paying out of pocket, but not always. If your negotiator manages to reduce the ransom amount — or finds a way to avoid paying it altogether — your business could have a much brighter future.
Your cyber forensic expert
Next, you’ll need to look into what happened, how it unfolded, and where to patch up any vulnerabilities or security gaps in your system. That calls for forensic expertise.
Your cyber forensic services are charged with uncovering the evidence of a data breach and what security issues may have enabled it. Even if you think you know the source of the attack, forensic investigators can often dig up more relevant information that will prevent further damage, help you recover faster, and shut down future attackers. Moreover, your investigator can offer welcome insight into how you can and should proceed after the event.
Your crisis communications service
In many cases, you won’t realize just how much data was leaked or how much exposure you’re dealing with until further along in the investigation. If your forensics team uncovers a major breach of personally identifiable information (PII), you may find yourself having to walk back assumptions or apologize for collateral damage, and that’s when you need a professional in your corner.
A crisis communications firm can help draft communications to inform and reassure affected customers, employees, and key stakeholders like vendors and board members. Not every cyber incident will call for media relations or client communications help, but the larger the breach, the more likely your customers will be affected (and your reputation could be at stake).
Ransomware events frequently call for communications help, given their significant impact and the need for a carefully shaped message. According to a recent Cybereason survey, 60% of ransomware victims experienced revenue loss and 53% admitted their brands were damaged as a result.
5. Credit monitoring
Your identity protection partner
Data breaches can have far-reaching consequences. When sensitive personal information has been compromised, you’re obligated to follow a few important steps to inform and support the victims.
First, in order to comply with privacy regulations, you’ll need to notify the people who were impacted. Next, you’ll need to enlist credit monitoring and identity theft protection services — these experts will be able to help your customers protect themselves and their finances in the aftermath of the attack.
Call center services often go hand in hand with credit monitoring services: if you expect that those affected by the incident will be calling your business looking for answers, call center support can be an invaluable asset.
6. Data recovery specialist
Your digital data salvager
When your data is locked, you need a locksmith — this is your data recovery specialist. They’re responsible for restoring data from hard drives, servers, and other damaged storage devices.
The data recovery process is scientific, detailed, and thorough: your experts will begin with a careful evaluation of the device in a clean lab environment, then use specialized programs to interpret any corrupt data before deciding how best to recover the data without jeopardizing its integrity.
How Elpha Secure responds to incidents
Our integrated team of partners and advanced technology expedites the detection, reporting, response, and claims process. Here’s how it works:
- Our Security Operations Center (SOC) receives an event alert, and we’ll do everything we can to help you clear it and prevent a cyber incident from happening. In most cases, our quick and targeted action will be enough to avert an incident and a claim.
  If it appears that the cyber event will likely lead to a claim, our SOC will guide you through the steps to provide a formal notice of a claim. Your next move would be to connect with a claims adjuster — they’ll reach out to you within 24 hours to continue the process.
- When an alert becomes an incident, we immediately notify our approved law firm on the Elpha Secure incident response panel. In the background, our telemetry tool collects relevant data about the event.
- The law firm will reach out to you directly to arrange a consultation, and once you engage their services, they’ll enlist a vetted forensics firm on your behalf to join the response team.
- Elpha Secure sends the information required for a forensic investigation straight to the forensics firm. This kickstarts the incident response process, and within minutes you’re on your way to a resolution.
There are many incident response professionals out there, and your cyber insurer is responsible for curating a panel of experts who can work together to serve you, the insured, not the insurance company. We take that responsibility very seriously.