My Company got Hacked: What I did right and what I did wrong?
Introduction
One day, I received a call from a well known startup co-founder. He was nervous, worried and in a panic mode.”I got hacked”, he said. Their website was hacked with some of their customer's data being breached. In CyberTalents, we provide incident response services and in less than 24 hrs we were able to match him with one of our best talents to look over the case, put a remediation plan and bring business to work asap.
After fixing the issue, we decided to have this discussion with him trying to understand what he did right and what he did wrong. The main objective of this article is to transfer knowledge and share the experience with other co-founders who might face similar situations
He started saying that: My company got hacked: Let me tell you some of the stuff we did wrong?
What did I do wrong ?
People might think that what we did wrong is related to a bug in our application or a missing antivirus in our system or others. However, what I will mention here is what we did wrong after we knew of the attack.
I learned that: “There are two types of companies, those who have been hacked and those who don’t know yet that they have been hacked”. So putting security measures is important but what is more important is how we will act when the incident happens.
It is very important to keep calm during the incident. I was in panic mode, customers’ data might be breached, service was not available, and I was receiving calls and mails from customers asking about the current situation. It was my first time to face such a situation. This affected the rest of my actions.so, my advice keep calm, this is not the end of your startup journey, this is one of the challenges that we face everyday and we will pass it.
Also, I didn't have any cybersecurity expertise in my technology team nor a consultant that I can get back to him in such cases. Thus, we didn’t know what exactly happened and how badly we had been hit. Is it only a data breach for an old archived data, or this is an availability issue, can the attacker extend the harm to other apps ? So, knowing the exact situation is crucial in such events and we should have measured the harm before doing any action. During the incident, my main objective is to go back live as soon as possible which caused us to install a new backup which has the same vulnerabilities which was not the best idea to think of.
Although, i did some wrong actions but i have done also some right actions
What did I do right ?
We decided to shut down our service till we figure out what happened, fix it and then have a new fresh version.I hired an expert to investigate what happened, discover the vulnerabilities and put an action plan to fix them. CyberTalents is an excellent source as they have thousands of experts in different cyber security domains with affordable prices. The expert was able to put a plan in a few hours and started to implement immediately.
We ran a full penetration testing on our website using CyberTalents experts and they were able to discover some critical vulnerabilities in our application which we believe was the main reason for the data breach. Our developers started to fix the security bugs immediately with the help of CyberTalents experts.
In less than 48 hrs, we were able to get back online with a new version of our application. Also, we kept putting ongoing measures after the incident to keep security part of our process. I suggest you read the article Top 10 tips to secure your startup, and the article What to do when your company gets hacked. Both have the basics that I believe every startup should know and adopt as a baseline. Finally, attacks will hit you one day but make sure to be ready and have taken your steps.
My advice to all the co-founders:
Advice => 1 Make sure to have a security expert close to you either in your team or outsourced
Advice => 2 Don’t act. Wait till you evaluate the situation before doing any wrong action that might make the situation worse.
Advice => 3 Minimize the impact
Advice => 4 Assess the situation
Advice => 5 Implement your fixes
Advice => 6 Prevent the same type of attack by implementing an ongoing security process.