Amid rising inflation and interest rates, and the growing number of cyber threats, businesses are constantly evolving in order to be resilient. This month, eFintech is highlighting how businesses are showing this resilience against a myriad of factors – some within, and some beyond, their control.
Having already explored some of the biggest cybersecurity trends of the last year, as well as some of the biggest challenges cybersecurity firms are facing, eFintech now turns its attention to how organisations can best recover if they fall victim to a cyber-attack.
To find out more, we reached out to some experts in the space to ask: What is the best way to recover from a cyber-attack?
Prakash Pattni, global MD for financial services digital transformation at IBM, explains: “The best way to recover from a cyberattack is to prevent it from happening in the first place.
“This can be done by having a secure cloud environment, automated monitoring for threats and strong security policies and procedures. However, even the most secure organisations can still be attacked. If your organisation is compromised, it’s important to have a plan in place to recover quickly and effectively.
“Having a framework in place for identifying and responding to cyber threats is key, and we see use cases for emerging technologies like AI improving the response time for identifying threats. Once identified and locked down, organisations must investigate these attacks to understand how they happened, who was responsible and where their vulnerabilities lie. Once dealt with, cybersecurity professionals can begin to restore their security measures, which can include restoring from backups, reinstalling software and reconfiguring systems.”
“Recovering from a cyber-attack requires swift and decisive action”
Eyal Moldovan, co-founder and CEO of digital trade financing solution 40Seas, said: “This comes back to my point on business agility. Recovering from a cyber-attack requires swift and decisive action.
“Firstly, any affected systems should be isolated to prevent further damage and to contain the breach. It’s always a good idea to engage with cybersecurity experts to investigate and identify vulnerabilities to prevent future attacks. One core aspect of cyber-attacks can be the associated reputational damage, so it’s vital to communicate transparently with stakeholders, including customers and regulatory bodies, providing timely updates on the implications of the breach.
“Then, moving forward, it is advisable to implement enhanced security measures, such as multi-factor authentication, encryption, and regular security audits to mitigate the risk of repeat breaches.
“Finally, companies must leave no stone unturned in rebuilding trust with affected parties while demonstrating an unwavering commitment to data protection and privacy.”
Facilitating “a strong and resilient security line”
Sigita Kotlere, CEO of investment platform Nectaro, said: “The best way to recover highly depends on how prepared you are.
“Essential elements such as a disaster recovery plan, business continuity plan, established procedures, and access to data and tools for swift restoration play pivotal roles in ensuring effective recovery.
“The best way to recover is to reduce the impact as soon as possible and it highly depends on how fast you resolve the disruption – finding the source and fixing it. Monitoring and tracing tools are invaluable for this purpose. Subsequently, preventing future disruptions involves rectifying flawed processes, technical aspects, or procedural weaknesses through necessary steps.
“Once again, setting up monitoring on the new processes or implementations is a must and performing a retrospective afterwards can help facilitate a strong and resilient security line.”
“When… not if”
Tosin Eniolorunda, CEO of Moniepoint, the all-in-one payments, banking and operations platform, explains step-by-step how firms should respond to cyber-attacks: “The best way is to acknowledge that a cyber-attack is a matter of when not if and prepare before it even happens. By this, you put in measures that will help in the recovery process, including awareness and education, testing security controls and response plans, etc.
“The second-best thing is to detect the source of the attack, determine the impacted systems and isolate them. Steps are then taken to stop the attack and restore the impacted systems.
- Contain the breach as soon as a discovery is made of an active cyber-attack by isolating the affected systems from the network to prevent further spread of the attack and limit the damage.
- A response team is assembled; this usually includes the relevant professionals and stakeholders to coordinate the recovery efforts. This team will be responsible for investigating the attack, assessing the impact, and implementing the recovery plan.
- A thorough assessment of the attack’s impact is carried out to identify what data or systems were compromised, and all the details of the attack documented.
- As a regulated entity, once we have enough information on the attack and its impact, the relevant stakeholders and regulators are informed.
- Appropriate technical measures are taken to stop the attack and restore the systems with their accompanying data by ensuring the restored systems are clean and free from any malware or vulnerabilities that might have caused the breach in the first place.
- Lastly, lessons learnt are documented and applied. Further measures like patching and updating the entire network need to be done. Additionally, a thorough security review is required, and stronger security measures are implemented.”