Guest view: Launching a professional counterattack to a big hack
The aptly named “WannaCry” ransomware attack that paralyzed computers across the globe the day after Mother's Day 2017 is believed to be the biggest online extortion assault ever recorded.
It’s disconcerting to know that security experts believe the next massive ransomware attack is already underway – it just hasn’t manifested itself yet.
Cybercrime prevention comes in many forms, and includes software updates and anti-virus protection, extra caution with emails, firewalls with advanced threat protection and data backups. But if the ounce of prevention fails, what do you do after an attack?
Assemble a response team
It is critical to create the right response team if you are a victim of a hack. It should be guided by an attorney, a forensic accountant, and a cybersecurity expert. The goal is for this team to work with upper-level management to quickly quantify the damage and take steps to prevent future attacks.
Remember, dealing with a data breach is about fixing the problem as well as shielding the company from liability. Having an attorney on the team ensures that, as your business deals with the issue, all communications become “work product privilege,” and thus are protected from discovery in a lawsuit.
Following a breach, companies are legally required to save data in its original form, including information on home and office computers, work and personal emails, databases, text messages, the cloud and backup systems.
It’s best to assume that all investigations wind up in court, whether criminal, civil or both. If your experts need to testify, it is essential that all electronic evidence is properly preserved.
“Chain of custody” logs will document how data was gathered, analyzed and preserved for production. Witnesses may be interviewed, especially in cases of insider infiltration. After companies discover a compromise, they have a legal duty to maintain data in its native format.
During an investigation, communication among team members is a must. For example, an IT expert may not realize that an individual file contains a company’s most secret information unless they are alerted to it.
Even if a hacked company tries to quantify the loss and identify the source themselves through their own IT department, they may rapidly discover they are in over their heads. Immediately hiring a forensic accountant and security expert saves precious time and money.
Alert insurance carriers and clients
Don’t wait until a cyber attack to start reviewing your coverage. Many companies find their existing business coverage isn’t adequate if they face a significant disruption.
If there is a breach, an immediate call to your company’s insurance carrier is a must.
A business’s clients also need to be notified immediately, and a company should be prepared to deal with the media. Consider hiring a public relations firm.
Some companies immediately engage a forensic accountant to conduct an analysis whenever a high-level executive leaves. The right team can assist with penetration testing to detect and guard against vulnerabilities. Knowing that these safeguards are in place is a deterrent, not only to the person who departs but also to those still with the company.
Following an attack, legal, digital and accounting experts can help minimize the damage, bring wrongdoers to justice and prevent a tragic WannaCry sequel.
Lisa A. Myers is a principal at Boyer & Ritter LLC and heads the firm’s forensic, litigation support and consulting group. She was 2016-2017 president of the Pennsylvania Institute of Certified Public Accountants (PICPA). She can be reached at (717) 761-7210 or firstname.lastname@example.org.
Bill Dean is a senior manager at LBMC Information Security and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. He can be reached at (865) 862-3051 or email@example.com.