The number of registered cyber attacks has been increasing for years. In 2021 alone, cyberattacks on companies increased by around 20% compared to the previous year. In view of the current geopolitical tensions, it is expected that the number of attacks will also increase significantly this year and in the following years. Cyber attacks can be devastating and not only paralyze individual systems, but also disrupt entire process chains and thus threaten the existence of the company. Every year, such attacks cause damage amounting to around 223 billion euros - in Germany alone. The greatest danger for companies comes from ransomware attacks. Time and again, this perfidious method is the undoing of companies. Attackers are constantly working on new strategies to lure their victims into the trap - and despite all the awareness, they are all too often successful. But what can be done when the child has already fallen into the well?

Get all stakeholders on board

To limit the damage as much as possible, fast and coordinated action is required. All stakeholders are called upon to do this. Those who have already developed and established well-founded emergency plans are in a good position to fall back on them. The first step is to determine the possible extent of the damage and take the necessary immediate measures. This also includes the implementation of short-term safety precautions. If it becomes apparent that a major damage situation is involved, the management must be informed. 

In addition to the company's IT and security department, it may also be necessary to involve external agencies - especially if the handling of the incident and a possible recovery of the systems cannot be handled with in-house resources. Frequently, the crisis team is also activated in far-reaching damage scenarios. The communications department takes over the possible information of affected employees or customers. If the cyber attack affects the security of personal data, it may also be necessary to involve the relevant supervisory authorities. It is the responsibility of the data protection officer to check whether there is a reporting obligation. This reporting obligation arises from the General Data Protection Regulation (GDPR) and includes, in particular, information about the type of data involved and its confidentiality, the type of attack that occurred, and options for minimizing damage. The data protection coordinator also has a key role to play in such a case.

Preparing employees and managers for the worst case

However, specialist departments are not the only ones that play a key role in successfully dealing with a cyber attack. Each and every employee must do their part to minimize the damage of an attack and assist in managing the incident. It is therefore imperative to follow the instructions of the IT and security department. This applies in particular when dealing with potentially compromised data or systems. Suspicious circumstances or suspicious observations must be reported immediately to the internal departments. This is the only way to ensure that those departments dealing with the incident are aware of all important information. To ensure that employees and managers know their responsibilities and what to do in the event of a successful cyber attack, they must receive regular, role-specific training and awareness. Because professional training and awareness measures lay the foundation for efficient coping.

Sources:

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211021_Lagebericht.html

https://www.isico-datenschutz.de/blog/meldung-datenschutzvorfall/

https://www.8com.de/cyber-security-blog/die-5-grossten-cyberangriffe-des-jahres-2021

https://www.tagesschau.de/wirtschaft/bitkom-cyberangriffe-101.html