Lightning Does Strike Twice

If you get hacked once - you'll probably be attacked again inside 12 months.

Businesses may feel that if they’ve been the victim of cybercrime once, it won't happen again. And they’d be wrong. Analysis of successful cyberattacks reveal that as often than not, attackers return to the scene of the crime.

Your local police will tell you it’s the same when a house is burgled: if the thieves get away with it once, they’ll target the same place again. Many regard a cyber breach as they would a lightning strike – a bolt from the blue that is unlikely to strike them twice. Businesses that suffer a successful cyberattack are highly likely to be targeted by cyber criminals again – even if they've taken all the correct steps in the aftermath of the initial attack.

In over two-thirds of cases where there are outside intrusions on a network, cyber criminals will attempt to break into the same network within a year. They come back hoping that an organisation has not learned the lessons of the first attack and so has the same vulnerabilities in place that allowed the initial cyber breach to occur.

A recent study in the US reported up to 80% of companies previously infiltrated experienced another intrusion attempt within 12 months. In most of these cases, a second attack was prevented from gaining access to the network due to more stringent cybersecurity measures having been put in place – such as MFA, complex password policies, zero trust models and so on.

Organisations that do not take proactive measures to better prepare for another cyberattack will almost certainly be the victim of secondary attacks resulting in additional data loss, ransom demands, extortion or other monetary losses requiring:

• expensive legal intervention

• hiring of response services

• loss of reputation

• business interruption

• Payment of extortion demands

In the aftermath of a breach, businesses must invest in security measures to minimise the chance of further breaches. In addition, organisations must educate their employees about the risks of clicking suspicious email links and other behaviours cybercriminals try to take advantage of. It’s also wise to put emergency response measures in place should another incident occur – this will help to ensure harm is minimised. Perform regular penetration tests to find potential vulnerabilities before the hackers do, then fix them as soon as is practicable.

Ongoing vigilance is essential in detecting and stopping intrusions. Continuous monitoring and response is always better than a one-off emergency response. As the old saying goes - prevention is always better than cure.

Contact Cyberlorian with any cybersecurity concerns you may have.

Raph Tripp has worked in a variety of roles including IT management, Operations, project management, PMO and as both systems and business analyst. Since 2000 he has worked in a range of industries including gaming, hospitality, managed services, NFP and education.