Ten years ago, when any technology suddenly stopped working, the gut reaction for most was that the fault was due to a technical error. In today’s more hostile digital environment, people may immediately assume that an outage is the result of a cyber-attack instead. Nobody wants to be impacted by either, of course, but it’s crucial to know what’s happening so it can be resolved as soon as possible.
With the frequency of cyber-attacks on the rise, this situation is increasingly common. And unfortunately, it can cause huge amounts of stress, confusion, and, in the worst-case scenario, panic. In that first moment, it’s best to stay calm and take a deep breath. Then you need to find out what’s going on.
But how can organisations safely and confidently check if an IT outage is due to an external cyber-attack or an internal technical problem that can be easily fixed?
Follow these steps to determine the source of the issue:
- Engage IT support: Involve your IT support team or service provider. They can conduct a more thorough investigation and may be able to identify issues that aren’t immediately apparent.
- Initial analysis: Begin by assessing the nature of the outage. Is it localised to a specific system or is it widespread? Does it involve systems that are typically targeted in cyber-attacks?
- Check system logs: System and network logs can provide valuable information. Look for unusual or suspicious activity such as multiple failed login attempts, unexpected changes in file sizes or system configurations, or abnormal network traffic patterns.
- Inspect network traffic: Use network monitoring tools to inspect the nature of your network traffic. Unusual traffic patterns could indicate a cyber-attack. For example, a huge traffic spike could indicate a distributed denial-of-service (DDoS) attack.
- Verify updates and patches: Ensure all systems are up to date and that all patches have been properly applied. An outage could be due to a system glitch or bug that’s been addressed in a recent update.
- Consult with a cyber security expert: If you’re still unsure, an expert can perform a detailed analysis and help determine whether a cyber-attack has occurred.
- Incident response plan: If a cyber-attack is suspected, activate your incident response plan immediately. This should include isolating affected systems, preserving evidence, notifying appropriate parties, and taking steps to prevent further damage.
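
One way to carry out the "Check system logs" step, as an added example that is not part of the original article: it scans OpenSSH-style authentication log lines for bursts of failed logins from a single source address. The sample log, the threshold of five failures, the two-minute window and the assumed year are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style (documentation addresses, not real data).
SAMPLE_LOG = """\
Mar 04 09:14:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar 04 09:14:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar 04 09:14:06 web01 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 50120 ssh2
Mar 04 09:14:08 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 50126 ssh2
Mar 04 09:14:11 web01 sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 50131 ssh2
Mar 04 09:20:45 web01 sshd[2140]: Failed password for alice from 198.51.100.23 port 41022 ssh2
Mar 04 09:21:02 web01 sshd[2140]: Accepted password for alice from 198.51.100.23 port 41022 ssh2
Mar 04 09:30:00 web01 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)
Mar 04 13:05:10 web01 sshd[3001]: Failed password for alice from 198.51.100.23 port 41900 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def find_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=2), year=2024):
    """Return {ip: {"failures": n, "users": [...]}} for each source address that
    produced at least `threshold` failed logins inside one sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames tried
    totals = defaultdict(int)     # ip -> all failures seen
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        totals[m["ip"]] += 1
        users[m["ip"]].add(m["user"])
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return {ip: {"failures": totals[ip], "users": sorted(users[ip])} for ip in flagged}

if __name__ == "__main__":
    for ip, info in find_failed_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failed logins, users tried: {info['users']}")
```

A flagged source is a lead to hand to IT support or incident responders alongside the other checks in the list, not proof on its own that the outage is an attack.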
To explore more about what to do in the event of a cyber-attack, read our blog, ‘Cyber-attack survival: seven crucial dos and don’ts’.
Prevention is better than a cure
When it comes to cyber security, prevention is key. And good planning and preparation are crucial to minimising the chances of cyber-attacks being successful. By adopting strong cyber security hygiene practices, training employees to be aware of cybercriminals’ tactics and techniques, and implementing a good incident response plan, any organisation can be in a better position to quickly identify, or prevent, potential cyber-attacks.
As cyber-attacks are now omnipresent, it’s more likely to be a question of ‘when’ an organisation will be compromised, rather than ‘if.’ That’s why cyber resilience – the ability to bounce back from a setback and resume business as usual – is essential.
Contact us today
Quorum Cyber’s services are designed to protect any organisation before, during, and after any kind of cyber-attack. You can contact us about any of our cyber security and data security services and to discuss how we can protect you.















