So your company’s been hacked: How to handle the aftermath

Advice from a cyber expert

After a company has been hacked and the hack has been discovered to be a harmful one, top executives and IT leaders normally huddle in a room to assess the loss.

It's usually not a pretty scene.

It's not as if heads are exploding. It is more like what some might call a tense "come to Jesus" moment.

"It's not good," said cyber security expert Tyler Cohen Wood. She's participated in post-hack forensics sessions at companies and has witnessed the faces of panicked executives firsthand.


Tyler Cohen Wood is cyber security advisor to elearning company Inspired eLearning, and was previously a Defense Intelligence Agency cyber deputy division chief.

"People are scared, and a lot of times they don't even have logs of what happened in the hack and they still have to get the company up and running," Cohen Wood explained. "They have to have help as much as possible and [they have to] work quickly."

Cohen Wood is currently cyber security advisor for an online learning provider, Inspired eLearning, but has been part of cyber incident response teams in previous jobs. Before her current role, she spent 13 years as a Defense Intelligence Agency senior intelligence officer and deputy division chief for cybersecurity.

"I've never personally been hacked, but I've been through the trauma of incident response at companies to help them with their trauma," she said. "I understand the pain. People are worried about how to fix it and what to do. It's a terrible thing to go through. It's the feeling you have when something personal is stolen, but much worse -- that feeling of being vulnerable."

Those kinds of insights have influenced her blogs, presentations and curriculum materials to help companies protect against cyber attacks and beef up their cyber security.

In an era when private-sector and government cyber attacks are reported daily, Cohen Wood is worried that apathy has set in. In that sense, it helps to reflect on how it feels when a company gets hacked.

"Companies are getting hacked left and right. When you get to the point where every day you read about another major company getting hacked and your reaction is, like, 'OK,' then that's a really, really big problem. People are apathetic about cyber security. We have a serious problem.

"It's not like we use devices only as a tool. They have become part of daily life and we rely on them. We have shifted to where we have so many different types of systems -- from banking to healthcare to transit and the power grid."

Cohen Wood believes companies need to educate workers about cyber threats and that IT shops need to assiduously stay on top of cyber threats with a shed of tools. She's also concerned that the major university computer science programs in the U.S. are failing to do nearly enough to prepare IT workers and coders with cyber security courses.

"As we move to everything being connected in an internet of things world, these devices need to be coded securely ... As hackers get better and better and we have a generation with less training in security, we have a big problem."

Cohen Wood said her advice to average workers is to make sure they are involved in some type of security education program, just to understand the cyber threats. "You have to be very cognizant that what you post on your social media about yourself or your company doesn't make it easy for somebody to piece together a pattern about your company or your kids that can later be compromised. When you get a device, like a smartphone, really look at the risks, change the default password, read the terms of service and update it when attacks come out."

For IT executives, she advised: "You have to be better than the hackers. Along with education, you have to get support from the C-level. You also have to have good cyber monitoring systems in place and procedures so that if something goes wrong your employees know what to do. Remember, a hacker just has to find one way in, while the security admin has to know all of them. If you are not keeping security logs or staff doesn't know how to escalate a response, you have a problem."

And Cohen Wood repeats the oldest lesson from the IT playbook: "Make sure you have backup systems and have tested them. Make sure the sensitive data is segregated and not easily reachable and is 100% encrypted and in compliance with federal regulations, like HIPAA and PCI."

Generally, Cohen Wood advises companies to recognize that hackers have moved from going after faulty code to attacking humans through targeted attacks or phishing attacks. That means that anyone who touches a company network -- from the interns to the vendors -- needs to be educated on all the threats.

Workers need to be segregated so that those who don't need to know certain things do not get administrative privileges, she added. A recent survey by the Ponemon Institute found that 62% of 1,371 end users said they had access to company data that they probably shouldn't see.

"The security situation is not hopeless, but we do have to get better," she said. "We need to work together and educate. An executive can't say, 'It's not my problem, that's IT's problem.' "

Cohen Wood conceded, however, that the emergence of quantum computers means that hackers will indeed be able to break tough encryption in coming years.

While Cohen Wood advises using encryption today, she said it might be rendered ineffective in a decade when powerful quantum computers will be put to use.

Quantum computers mean "the things you say online that are 100% encrypted today might not be tomorrow. Something secure now in 10 years is not going to be. You have to stay updated with the trends, especially if it's your job. Things are not hopeless, but do keep in mind that someday what you put out there may not be private."
