Tuesday, November 27, 2012

How NOT to Recover Quickly From a Hacking Incident

With many determined hackers attempting to break into websites, getting hacked is almost inevitable. It is not a matter of if but when your website is hacked, so you need a plan for getting your website back up quickly when it happens. Websites routinely get hacked, but they recover quickly. Websites from Nigeria, UAE, Bangladesh, Iran, Sweden and even Switzerland got hacked, but they were quick in restoring their services. How they restored their sites was easy, but this piece is not about how they restored their sites. This is about how NOT to recover quickly from a hacking incident in general.

I recommend the following steps so you will NOT recover quickly.

1. DO NOT shut down your site immediately. Why is this important? News of a hacking incident spreads fast. It is important that the public sees and confirms that your website is hacked. By not shutting down your site immediately, you show that you still maintain control of the website. You will shut it down when you want to and not because you have to. Also, by NOT shutting down the site, you allow the hacker to further compromise and infect the system. DO NOT mind if he has complete control of the website. He could further harm the system, and it’s still not a problem because you DO NOT want to recover quickly.

2. DO NOT back up regularly. Why is this important? Backups that are a few months old mean that you will need a lot of effort to bring them up to date. This favors longer recovery times. You DO NOT want to recover quickly.

3. DO NOT PREPARE A RECOVERY PROCEDURE. Why is this important? You DO NOT want to recover quickly.

4. DO NOT IMMEDIATELY SEEK THE ASSISTANCE OF OTHER PEOPLE IN THE RECOVERY. Why is this important? You DO NOT want to recover quickly.

5. Overwrite your most recent versions with the old backups. Why is this important? Using the most recent version is the fastest way to restore your site. So why shy away from a challenge? LOSE the recent version by overwriting it with old backups.

6. Take your time assessing what happened. Why is this important? Take your time, but do everything else frantically to make it appear that you’re doing something. You DO NOT want to know what unpatched OS vulnerability or out-of-date malware scanner or antivirus caused the hit, because you DO NOT want to know what patches and updates you missed. Ignorance is bliss.

7. DO NOT run antivirus and malware checks on the infected server. Why is this important? If you know what trojan, backdoor, or virus infected the site, then you can apply the appropriate remedy on your backup sites, but you DO NOT want to recover quickly.

8. Prepare to run a deprecated version of your website. Why is this important? Spread your resources thin by preparing a deprecated version of the website that you will run after a hacking incident. The deprecated website will show the cyberworld that a) you have not recovered from the hacking; b) you falsely believe that a deprecated site will not be hacked; and c) you don’t have the confidence to face hacking attempts again (all because you took steps #6 and #7 above).

9. Dilute your resources by focusing on other processes. Why is this important? Shortly after a hacking incident is the best time to pretend to study how to improve other processes not related to the hacking. This will deflect attention from the missteps prior to and shortly after the incident. This is also the time to blame the OS (even if thousands of sites still use it and the vendor still issues support and patches).
