Cyber Attack on Yahoo!
In January 2014, Yahoo database server was hacked by the cyber attackers and affected up to 500 million users. After investigation of cyber-attack and vulnerability of the website, attackers claim that 200 million Yahoo user account details are on sale in the dark web marketplace. The account information including username and password is easily crack by the free available tool was later listed with the price of 3 Bitcoins which was roughly 1800$ at that time.
The chief research officer also claims that the hacker team or a hacker who is behind this cyber-attack already used this information to hack in too many other services such as Bank account, PayPal, Email Service and also Netflix and eared much value from them.
Now the question came to mind that if large-scale companies like Yahoo get hacked by cyber attackers and stolen the privileged information about their users than what about the companies running on medium scales and small scales. Today we are sharing some steps that every company need to be followed for protecting the privilege information from cybercriminals.
Steps of recovering from the cyber-attack and security breaching.
- Respond quickly.
“It’s all about speed,” said IBM director of incident response and intelligence services. The Company or Organization need to respond quickly to the cyber incident i.e. find the infected area and remaining vulnerability helps to recover time and money. Company or Organization complete their post-mortem within a month can save an average $1 Million, according to the IBM and Ponemon Institute cost of a data breach study. Vice president of Fraud & Identity product strategy said that “Every day it goes undetected, unchecked, that’s going to escalate damage,”
- Have a plan in place.
A computer should always ready with response plan when cyber-attack take place. When response plan executed, three key teams need to be engaged – An incidence response team, a crisis communications team, and outside counsel. As per the cyber law, the Legal firm focused on computer security, this type of response plan in critical conditions is mendatory to prevent themself from cyber incidents.
If the company has done preparation all legal and procurement done before time, companies can save their precious time in breaching events because one hour makes a huge difference when responding to the breach.
- Be prepared to access the data for investigators.
The investigator response team will need access to a company’s network and host to find the thread on the server and the client or customer connected to the server are informed. The more time investigation team will take to identify the vulnerability and thread, the more its cost to them.
- Be ready to do damage control.
When the investigation process is running it can be possible that Gigabytes to Terabytes of database get corrupted and it is possible that it gets deleted permanently. Investigation process can also affect the hardware and can bring the huge damage to the system.
- Have a crisis communications plan for employees, customers, and the media.
After the events, we have to answer and give the explanation to our customers as well as media about the cyber-attack and attackers before it is known through other sources. Employees can not perform essential task for that period of time while the company is losing Millions of money in this kind of cyber-attacks. Employees may require more money to work overtime and recover all the things as soon as possible.
By following this types of crucial steps it is possible that the company or organization can be recovered from cyber-attacks as soon as possible.