How do I know if my company computer has been hacked? How should I react to a cyber attack? These are questions that our team is asked time and again by customers. We asked Christian Müller, the technical director at Trufflepig Forensics, about this topic. Find out why his answers may come as a surprise to many.
“Somehow the computer is acting strangely today.” Everyone is probably familiar with this or a similar situation from their everyday office life. Not every malfunction is caused by a hacker attack #WindowsNeustart, but many people have an uneasy feeling when they think that someone is accessing their own computer. Statistics show that medium-sized and small companies are often victims of hacker attacks. It is therefore important that employees know how to react to a hacker attack in order to protect their data and systems.
Christian Müller: “Hacker attacks are often difficult for ordinary users to detect. In a private environment, suspicious e-mails and security messages can indicate a possible risk and are easily recognized as an attempted attack. In a corporate context, however, a computer infection often goes unnoticed at first – until it is too late and the entire IT structure of the company has been infiltrated”. For companies, this often means a ransomware attack and thus an encrypted IT system. Nevertheless, it is important to remain vigilant and to contact the internal company IT staff if you have any suspicions. Professional hackers remain undetected for a long time. This shows how important it is to react well as soon as the attack is discovered.
A hacker is currently in the system? Then a quick and appropriate response is crucial. The CTO of Trufflepig Forensics recommends reporting the incident immediately to the IT or security team. In addition, the internet plug should be pulled or the Wi-Fi turned off to prevent the attack from spreading further. However, you should leave the computer running to make it easier for the forensics team to work later. Although it may make sense to involve the police for compliance reasons, the actual investigation and management of the incident usually lies in the hands of an internal or external incident response team. Typical mistakes made in the event of an attack include knee-jerk reactions after the incident and the hope that the problem will solve itself. A healthy error management culture is essential to ensure that employees actually report incidents. “This only works if senior management encourages this openness and does not sanction employees,” emphasizes Christian Müller.
According to estimates, there are approximately [4,000 cyberattacks per day] on companies in Germany alone (https://www.faz.net/aktuell/wirtschaft/schneller-schlau/4000-hackerangriffe-am-tag-allein-in-deutschland-18126679.html). After surviving an attack, it is therefore important to prepare for further attacks. “I have never met an entrepreneur who would want to relive the fear, stress and costs of a hacker attack. That"s why we sit down with our customers after an incident. We clarify what happened, how it happened and how we can avoid attacks in the future,” reports the technical director of Trufflepig Forensics, describing his day-to-day work. Often, a catalog of measures is also developed to define how employees should react in the event of an incident (an incident response plan).
The risk of hacker attacks is always present for companies of all sizes. It is therefore essential to actively address your own IT security and protection against hacker attacks. Our daily work with hacked companies shows that an appropriate response to an attack and a positive error culture within the company play a central role in this. Hacker attacks will never be completely preventable, but with appropriate preparation and security measures, your company can be better protected in an emergency and its profitability restored more quickly.
