“My Business has been Hacked, What do I do?”
In an era of increasing and ever-evolving cyber crime, the experience of Karim Toubba, CEO of LastPass US LP, serves as a stark reminder of the reality of modern business. LastPass, a company that offers password storage and management, initially announced it was hacked in August 2022, leading to the theft of source code and proprietary technical information. Although the initial breach did not compromise customer data or encrypted password vaults, a subsequent attack obtained encrypted usernames and passwords, among other sensitive data.
The ensuing public outcry and criticism placed Toubba within the ranks of executives who have weathered cyberattacks, an arduous journey that can linger for months or years, and one from which some businesses never truly recover. The attacks led to many customers leaving LastPass, although the company has stated that it is now nearly back to its pre-incident numbers. Toubba acknowledges that while LastPass did many things right in response to the breach, there were areas, like communication about the attack, where they could have improved.
Toubba’s advice for other businesses facing a similar situation? “You won’t be judged for being hacked, but you will for how you respond.”
Experts, including executives, security professionals and lawyers, who have navigated their own share of cyber attacks say that while every situation is unique, there are steps that businesses should be taking to mitigate the damage. The first step is to have a comprehensive incident response plan in place that accounts for worst-case scenarios, covers how the business will work with cyber security experts to mitigate the risks, among much else, and is rehearsed by all relevant parties, including the business’s senior executive management team. Without this, the plan is (in the words of Erez Liebermann, a partner at Debevoise & Plimpton) “truly just a piece of paper.”
However, flexibility is also key. The unexpected nature of cyber attacks may necessitate a shift in strategy, such as deciding whether to pay a ransom demand if attackers are threatening to leak data, or if you do not have a comprehensive backup strategy in place to recover your business’s critical data. As Mike Tyson once famously said, “Everyone’s got a plan until you get punched in the mouth.”
In response to the growing threat of cyber attacks, many of the world’s largest businesses now retain teams with cyber expertise, including lawyers, forensic investigators, crisis communication experts, and even ransomware negotiators. These teams can help establish a structure and a path forward in the early days of an attack, reducing panic and uncertainty. However, for small to medium-sized businesses, which account for 81% of the world’s businesses that are targeted in cyber attacks, this is not necessarily possible or reasonable.
Communicating about the breach is a delicate balancing act: providing too little information can spark backlash from customers, suppliers and other clients alike, while revealing too much too soon can lead to problems if the information proves inaccurate. Planning for potential messaging can help manage this process.
When facing an attack, organisations may benefit from reaching out to the relevant government departments, such as the UK National Cyber Security Centre (NCSC) or the Cybersecurity and Infrastructure Security Agency in the US. These agencies may have insights on intrusion techniques or the hackers themselves that can aid in response, recovery, and prevention of future attacks.
However, even the best-laid plans can fall short. Take the case of SolarWinds Corp., a Texas-based company that fell victim to one of the most advanced hacks in recent memory, attributed to Russian state hackers. Despite having an incident response plan and outside experts at hand, the scale of the attack was beyond what the company had anticipated. Transparency about the breach was key for SolarWinds, with the company’s openness helping to regain customer trust. The company’s chief information security officer, Tim Brown, regularly fields questions from other CISOs keen to learn from his experiences.
It is important that businesses have the necessary protective infrastructure in place to protect against the latest cyber security threats. We have designed a FREE Cyber Security Self Assessment form (see the link below) to help businesses navigate the complex world of a comprehensive cyber security strategy. We can work with your business to put the most comprehensive solutions in place, designed specifically around your business requirements, to ensure that you can protect against ever-evolving cyber security threats. In the event of a cyber attack, either at your business or through your supply chain, such as the recent MOVEit cyber attack which has affected British Airways, the BBC, Boots and many others, you should also have a proactive, flexible approach, strong communication, and a thorough incident response for managing such incidents and limiting their impact. And remember, the response to an attack can often be more critical than the attack itself.