In the cyberspace realities of 2024, talk of hacking IT infrastructure, data leakage or DDoS attacks may even enter the highest offices of those who, not long ago, would have considered such issues to be purely operational.
A few years ago, news about large-scale cyberattacks and web service failures was published only on specialized resources and was of interest only to IT and information security (IS) directors. But a new reality has arrived. Security Vision CEO Ruslan Rakhmetov discusses how to prepare for a cyber incident and what to do when it has already happened.
Today, the scale of digitalization and the degree of dependence on information technology of almost any large business are so high that the cyber resilience of the information infrastructure is a key condition for the functioning of most business processes. The number of cyberattacks has increased significantly, and IT infrastructures have become more heterogeneous. The causes include the effect of the pandemic, sanctions restrictions, accelerated import substitution, the use of increasingly sophisticated methods and technologies by attackers, including AI systems, and the de facto open confrontation between states in cyberspace.
These objective factors mean that even the most advanced company that pays significant attention to cybersecurity will sooner or later face a cyberattack and its consequences. In a situation where it is more reasonable to ask the question not "Will we be hacked?", but "When and how will this happen?", it is necessary to prepare for such an outcome in advance and think about ways to respond to a successful cyberattack.
The cyber incident management policy should take into account various scenarios for responding to the types of cyber threats relevant to the company. Depending on the type of incident, it is necessary to describe the actions, for example, in the event of a DDoS attack, data leakage, ransomware infection, failure of the information system due to a hardware failure or an incorrectly installed update, etc. The list of relevant cyber threats is unique for each organization and depends on the economic sector, business scale, specifics of the activity, technologies used, and the company's risk appetite. Response scenarios should describe actions for identifying, analyzing, localizing and eliminating a cyber incident, restoring and performing post-incident actions, including a detailed analysis of what happened, generating reports and updating response scenarios based on "lessons learned".
Depending on the skill of the attackers and the quality of the corporate information security system, a cyber incident may not be detected at all, or may be recorded only after the fact, including when its consequences have become public knowledge. The consequences of some types of attacks immediately become obvious to a large number of the company's clients. These include the unavailability of the company's website and services as a result of DDoS, hacking or infrastructure failure; defacement (changing the appearance of web pages with the addition of third-party logos or slogans); and the distribution on social networks or instant messengers of fraudulent or disinformation messages, created using deepfake technology, allegedly on behalf of the company's top official.
Financially motivated attackers have recently made increasing use of advanced extortion schemes against the companies they attack. The attackers demand a ransom for not distributing the stolen corporate information, and if payment is refused, they post the stolen data on their websites, accompanied by a PR campaign to spread the news of the leak. Politically motivated hacktivists can publish the stolen information immediately, without demanding a ransom, trying to give the leak wide publicity on social networks to destabilize the situation and cause maximum reputational damage. It should also be taken into account that in many cases, the published information about the alleged leak or hack turns out to be fake upon verification, and then the company should issue an official refutation.
What to do
Cyberattacks are a sign of the times