Soyou’ve been breached. Whatnow?

As businesses settle into a new post-pandemic normal, cybercriminals have been busier than ever. Check Point Research reports that cyber attacks on corporate networks increased by 50% in 2021 compared to the previous year; by December, businesses were experiencing an average of 925 attacks per week.

Of course, not every attack is successful, and even when criminals do manage to get into your systems, that doesn’t always result in a data breach. But you need to plan for that possibility. “We know that data breaches like ransomware are pernicious, effective and on the rise,” Ed Williams, director of Trustwave SpiderLabs (EMEA) said. “No matter what the size of the business is, they should be planning for the worst – while ensuring, through good cyber hygiene, that it doesn’t happen.” We’ve spoken to incident responders and cybersecurity professionals to determine just what a small-to-medium-sized business should do once a breach has been detected.

▝ Begin at the beginning

Any kind of security response requires a methodical investigation. As Dave MacKinnon, chief security officer with N-able says, this means addressing the five Ws – “who, what, when, where and why?” – and you can also add