02.02.2022
Gabrielius Vinciunas

Top 9 Tips for Companies Affected by a Cyber Attack

It is a common misconception that cyber criminals attack the same victim only once. Thinking 'why would attackers try to break in again, especially after we have fixed our vulnerabilities?' is precisely the attitude that leaves companies exposed. Repeat attacks are not the exception – they are the norm.

Statistically, a company that has already experienced a ransomware attack and paid the ransom is very likely to be targeted again.

According to a Cybereason ransomware study, many organisations that paid a ransom experienced subsequent attacks, often from the same or affiliated threat actors. Paying a ransom does not eliminate future risk and may increase the likelihood of being targeted again.

Information about companies that pay criminals is not kept confidential; it circulates between criminal networks and can even be made publicly available.

In this article, the Baltic Amadeus team presents real-world examples of repeat attacks, along with nine practical tips on how to respond after a cyber attack and protect your organisation going forward.

Why cyber criminals repeatedly target the same companies

For businesses experiencing a cyber attack for the first time, recovering trust from customers, partners, and stakeholders is already a significant undertaking. Often, it is only after a major incident that companies decide to invest more resources in security, and even then, many underestimate the ongoing risk.

Global practice shows that past victims are frequently targeted again. Here are three well-known examples:

LinkedIn – In 2012, cyber criminals stole data from approximately 6.5 million LinkedIn users. By 2016, investigators determined the breach was far larger than initially reported, with 117 million accounts compromised. In 2021, data associated with approximately 700 million LinkedIn profiles was advertised online following large-scale scraping activity, again raising concerns about data exposure and platform security.

Marriott International – In 2018, approximately 500 million hotel guests' personal data was exposed in a major breach. Less than two years later, Marriott suffered a second attack, exposing data from an additional 5.2 million customers. Despite the reduced scale of the second incident, there is no guarantee that future attacks will be less severe.

Yahoo! – In 2013, Yahoo! experienced its first significant breach, affecting over one billion accounts. In 2014, a second attack exposed the names, surnames, phone numbers, and other personal details of approximately 500 million users.

9 cyber security tips for companies affected by a cyber attack

Whether your organisation experienced an incident last month or several years ago, the following steps are essential for reducing the risk of recurrence and minimising future damage.

1. Analyse the incident thoroughly

Every cyber attack should be followed by a detailed post-mortem. Examine what errors were made, how attackers gained access, and what actions are needed to prevent recurrence. For example, if criminals gained access by manipulating a URL string, access controls should be tightened and secure programming practices introduced. Assess whether similar vulnerabilities exist elsewhere in your systems.
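The "manipulated URL string" failure mode mentioned above, as an added example that is not from the original article: a request handler that trusts a record id taken from the URL, beside a hardened version that authorises on the server-side session. The handler, the sample records and the routes are constructed for illustration, with no web framework so it runs stand-alone.

```python
# Added example (not from the original article): the "manipulated URL string"
# failure mode from tip 1, shown as a vulnerable handler beside a hardened one.
# Framework-free so it runs stand-alone; records and routes are constructed.
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


# Constructed sample records standing in for a database table.
DOCUMENTS = {
    101: Document(101, "alice", "Alice's contract"),
    102: Document(102, "bob", "Bob's invoice"),
}


def _doc_id_from_url(url: str):
    """Extract ?id=... from the request URL; None if missing or not an integer."""
    values = parse_qs(urlparse(url).query).get("id", [])
    if len(values) != 1 or not values[0].isdigit():
        return None
    return int(values[0])


def vulnerable_get_document(session_user: str, url: str):
    """Trusts the id in the URL: any logged-in user can read any record."""
    doc_id = _doc_id_from_url(url)
    if doc_id is None or doc_id not in DOCUMENTS:
        return 404, None
    return 200, DOCUMENTS[doc_id].body       # session_user is never consulted


def hardened_get_document(session_user: str, url: str):
    """Authorises against the server-side session, never the URL alone."""
    doc_id = _doc_id_from_url(url)
    if doc_id is None:
        return 400, None                      # reject malformed input early
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.owner != session_user:
        return 404, None                      # same answer for "missing" and "not yours"
    return 200, doc.body


if __name__ == "__main__":
    print(vulnerable_get_document("alice", "/documents?id=102"))  # (200, "Bob's invoice")
    print(hardened_get_document("alice", "/documents?id=102"))    # (404, None)
```

The hardened handler also returns the same status for a missing record and for someone else's record, so the response does not reveal which ids exist.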

2. Conduct regular internal and external security assessments

Self-assessment alone is not enough. Schedule periodic external and internal system inspections to identify potential gaps and close them. Where necessary, add additional layers of protection: multi-factor authentication, for example, is a straightforward and highly effective measure.

3. Make employee education a priority

The human factor is one of the most significant contributors to successful cyber attacks. Developing and maintaining employee cyber security competencies should be an ongoing priority, not a one-time exercise. Well-trained staff detect potential incidents earlier and respond more appropriately when an attack occurs.

4. Develop and maintain an incident management plan

Employees need to know how to assess the severity of an incident, who to contact, and what steps to take. Review and update your information security policies, access control procedures, and incident management plan regularly. A clear plan helps prevent incidents and limits the damage when one does occur. Test the plan periodically through tabletop exercises or simulated incidents so that employees understand their responsibilities during a real event.

5. Back up your data and protect those backups

Losing all business data is largely avoidable with regular, properly stored backups. Ensure backups are stored securely, tested periodically, and kept on infrastructure that is isolated from your primary systems.

6. Define a crisis communication plan

Poor internal and external communication during a cyber attack can be just as damaging as the attack itself. Companies that adopt denial tactics or conceal information about an incident risk their reputation and the security of all stakeholders: customers, partners, and employees alike. Prepare a crisis communication plan before an incident occurs, even if the risk seems low.

7. Enforce solid workplace security practices

Basic physical security matters. Unlocked and unattended computers, even at home, can lead to data deletion, information leakage, malware infection, or ransomware encrypting files. Additional practices to enforce include:

  • Always lock screens when stepping away from a device.
  • Never insert unknown USB storage devices into work computers.
  • Don't allow unauthorised individuals into the workplace.
  • Report suspicious persons or behaviour immediately.

8. Guard against social engineering

Social engineering, where criminals impersonate trusted individuals to trick victims into taking specific actions, becomes an even greater risk after a breach, as attackers may already hold personal information about your employees or customers. They can use this data to craft highly personalised and convincing scams. Security awareness training that specifically covers social engineering tactics is essential.

9. Address the specific risks of remote work

Home working environments typically have fewer security measures in place and are harder to administer than office networks. Risks include connecting to untrusted Wi-Fi networks, forgetting to use a VPN, leaving devices unattended in public, and ignoring system warning messages. Clear remote working security policies and regular reminders are necessary to keep these risks in check.

Frequently asked questions about recovering from a cyber attack

Why do cyber criminals attack the same company more than once?

Repeat attacks happen for several reasons: companies that have paid ransoms are known to be willing to pay again; previously breached infrastructure may still contain residual vulnerabilities; and criminal networks share intelligence about profitable targets. Paying a ransom, in particular, significantly increases the likelihood of being targeted again.

What is the first thing a company should do after a cyber attack?

Contain the incident to prevent further damage, then notify relevant internal stakeholders and, where required, supervisory authorities, sector regulators, affected customers, or national cyber security agencies. Initiate a thorough post-incident analysis to understand how the attack occurred and what needs to change.

How can companies reduce the risk of a repeat cyber attack?

Key measures include conducting a detailed root-cause analysis of the original incident, patching identified vulnerabilities, strengthening access controls, training employees, implementing multi-factor authentication, maintaining tested backups, and developing a formal incident management plan.

Should companies pay a ransom after a ransomware attack?

Security experts and law enforcement agencies generally advise against paying ransoms. Payment does not guarantee data recovery, encourages further criminal activity, and, as the statistics show, significantly increases the likelihood of being targeted again.

What is social engineering, and why is it a risk after a data breach?

Social engineering involves criminals impersonating trusted individuals (colleagues, suppliers, customers) to manipulate victims into revealing information or taking harmful actions. After a breach, attackers may already possess personal data that makes their impersonation more convincing, making employees particularly vulnerable.

Final thoughts on the aftermath of a cyber attack

Threat actors frequently revisit previously compromised organisations because they may still contain exploitable weaknesses, known access paths, or evidence that the organisation is likely to pay a ransom. For companies, this means recurring losses – financial, operational, and reputational.

Information security requires continuous improvement and maintenance. Solid preventive practices reduce the likelihood of an attack. When an attack does succeed, a thorough post-incident review and a clear action plan reduce the damage and the risk of recurrence. The earlier action is taken, the better the outcome.

If you want to start implementing effective information security practices at your company, the Baltic Amadeus team is ready to help. Get in touch.
