Anyone who falls victim to a cyber attack has a lot to do and is all too often faced with a shambles. Those who have prepared themselves in advance come out of it better. But the same mistakes happen again and again.
Victims of a cyber attack face a second fiasco in the aftermath if no emergency precautions were taken. They run the risk of suffering a long-lasting and expensive breakdown, sometimes even bankruptcy, because the company does not manage to get back into regular operation. We name typical mistakes.
Recently, several German media houses have been victims of cyber attacks. These initially included the "Heilbronner Stimme", the Madsack Media Group and the Funke Media Group, as well as an IT service provider for the news agency dpa. Now the Rheinische Post (RP) has also joined the list of those attacked. A cyber attack on the Rheinische Post media group's in-house IT service provider CircIT was the cause. Several other publications such as the Bonner General-Anzeiger, the Aachener Nachrichten, the Saarbrücker Zeitung and the Trierischer Volksfreund were also affected.
Attack spreads far and wide: Handelsblatt also affected
Later it turned out that the successful attack had even wider implications: "The Handelsblatt is also a customer of the company and, due to the failure of the service provider, can temporarily only publish a print edition that is reduced in scope," press reports stated.
The RP Media Group called in external specialists for IT security: "Together with external security experts, the media group is now working to restore secure operations," the company told the German news agency Evangelischer Pressedienst (epd), according to tagesschau.de. There is said to have been no loss of data: "Data from users and customers was neither stolen nor compromised in any way," as the media group explained. Subsequently, work would be done in cooperation with specialised staff to restore normal operations.
Nevertheless, online editions were offline for several days or news portals were only accessible to a limited extent. Often, printed newspapers were only published as emergency editions, including the RP.
Differences in provision become visible
Soon after the attacks, differences in the effects became apparent, which indicate the effectiveness of the precautionary measures. While some only had to deal with restrictions and failures for a few days or had to work in emergency mode, others were only back to normal operation after several weeks. In a statement, a spokesperson for the RP therefore explicitly emphasised "the well-functioning emergency management".
Security specialists therefore increasingly emphasise the relevance of emergency preparedness, because after a successful attack it is usually too late. Without precautions and external support, the consequences are often impossible to deal with, or can only be dealt with at great expense.
Typical mistakes in emergency preparation:
- Missing or insufficient backup copies.
- Many companies lack contingency plans for different scenarios.
- Emergency plans have not been sufficiently tested; errors only become apparent in an emergency.
- Underestimation of risks and threats.
Very few companies have sufficiently trained staff to deal with extreme situations entirely on their own. However, recourse to external service providers after a loss is usually difficult unless a contract has been signed in advance with a service provider for IT security. Getting help from specialists at short notice is almost impossible, as they are usually heavily booked. In addition, the external experts need an overview of the company-specific IT structures. If these have to be worked out after an emergency, valuable time is lost. Larger companies know this and have usually taken appropriate precautions. The situation is different in small and medium-sized businesses. Many think it cannot affect them; others believe they can cope with the consequences of an attack themselves. However, they often underestimate the necessary measures, which range from possible negotiations with ransomware extortionists to cleaning up and restarting affected systems.
The German government has therefore attached great importance to emergency prevention in the recently presented national IT security strategy.