Your System Has Been Breached. What Do You Do?
No one wants to see it happen, but someday it will. Your network administrator or IT department will inform you that, some time previously, your infrastructure was hacked and exploited. After the initial shock has worn off, you have several choices to make. It is a small consolation, but many others are in the same predicament.
A study conducted by Symantec Corp. indicates that approximately seventy-five percent of all organizations have experienced a cyber attack in the past twelve months, costing each business that was hacked and exploited more than one million dollars over those twelve months. The same study indicates that one hundred percent of all enterprises and organizations admitted they had suffered some form of data loss in the past twelve months as well. Keith Crosley, one of the directors at Proofpoint, a security vendor, indicated that studies of their own showed that greater than twenty-seven percent of the two hundred companies in the study had suffered either an improper exposure or the complete loss of intellectual information in the past twelve months, with almost thirty-three percent of the theft in the area of customer information and close to thirty-four percent of the theft involving sensitive information.
The SecureWorks information assurance consultant, Rafe Pilling, recommended that the first step is to determine the extent and full impact of the compromise, in order to decide the next steps and the priorities that should be addressed. Rafe said, “Early on, thought should be provided if the business desires to bring back a service or conduct an investigation that supports evidence presentable in court. Incident response experts should be involved early on; they advise the methods of incident verification, bring back service and collect information in a forensic procedure.”
There should be an incident management process in place that determines how serious the intrusion has become, what level to escalate it to, and which crisis management plan should now be executed. Various departments, including public relations, marketing, and senior executives, should meet and determine which individuals to inform of the matter, what should be said, what assurances should be provided, and what internal briefings to give to others. Hiding the facts only magnifies the intrusion and exploitation later down the line, when it is finally discovered.
If the incident is not disclosed, then when customers do find out it has taken place, there is greater damage to customer relations and trust that requires mending. Rafe Pilling is quoted as saying, “Computer crimes are viewed as incompetence from the victim organization, leading to a large amount of pressure for businesses to hide them.” Coverups and hidden disclosures only assist the cyber criminals and hinder the efforts of law enforcement and IT network security. Therefore, there should be a disclosure process ready to be put in place when the exploitation occurs.
The senior security consultant at the risk management specialist Pentura believes customers and organizations should be made aware of the situation immediately. “Businesses should inform law enforcement authorities of breaches no matter how sensitive. When attacks are identified, contained, and eradicated and systems are fine, decisions need to be made when to inform the public. Alerting the public before managing the problem will bring customer panic and assist competitors.”
In order to limit the damage done to the branding and market position of the organization, Rafe says, “If a business does not possess incident management, and business continuity with the assistance of disaster recovery, it will become harder to decrease the damage. The quicker you respond, the less damage that happens.” Placing yourself in a proactive stance and being ready before the exploitation occurs will reduce the overall impact of the attack. The same holds when it is time to clean up after the attack has happened. You should therefore know the location of your data within your information system, which allows an easier clean-up without interfering with normal business activities. “Regular backups help you restore data systems with minimal downtime.”
Once your infrastructure has returned to normal, there must be a process of understanding how the exploitation occurred, how it was responded to, and what methods can be put in place to either mitigate the next attack or better respond to future security intrusions. Security risk management followed in a precise manner before and afterwards will go a long way in minimizing the effects and damage.
In summary, incident management includes verifying that an incident has occurred, then determining just how far the impact affects the company, such as the theft of customer information or other sensitive data, and capturing any and all evidence of the intrusion and any further activity, including on servers and workstations, analyzing the systems that were compromised, and collecting log information from the network. The next step is to put a halt to any compromises that may be continuing, determine the full damage, and move to a plan for repairing that damage. Next is to assess how the attack entered your infrastructure and plan to strengthen your defenses. Security patches and other updates to your systems, including servers and firewalls, should be a continual process. Once disaster recovery has been completed, there should be a final analysis of the areas that were compromised, an investigation of the evidence collected, and a compilation of the evidence moving forward to pursue any legal action necessary.
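The evidence-capture step above only supports "evidence presentable in court" if the collected logs can later be shown to be unchanged. The following is an added example, not part of the original article: it copies log files into an evidence folder, records a SHA-256 custody manifest, and re-verifies it. The function names, the manifest layout and the sample log line are assumptions made for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect_evidence(sources, evidence_dir, collector):
    """Copy each source file into evidence_dir and write a custody manifest."""
    os.makedirs(evidence_dir, exist_ok=True)
    entries = []
    for i, src in enumerate(sources):
        digest = sha256_file(src)  # hash the original before touching it
        dest = os.path.join(evidence_dir, f"{i:04d}_{os.path.basename(src)}")
        shutil.copy2(src, dest)  # copy2 preserves the file timestamps
        if sha256_file(dest) != digest:
            raise IOError(f"copy of {src} does not match the original")
        mtime = datetime.fromtimestamp(os.path.getmtime(src), timezone.utc)
        entries.append({
            "original_path": os.path.abspath(src),
            "evidence_file": os.path.basename(dest),
            "sha256": digest,
            "source_mtime_utc": mtime.isoformat(),
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "collector": collector,
        })
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(entries, f, indent=2)
    return entries

def verify_evidence(evidence_dir):
    """Return the evidence files whose current hash differs from the manifest."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        entries = json.load(f)
    return [e["evidence_file"] for e in entries
            if sha256_file(os.path.join(evidence_dir, e["evidence_file"])) != e["sha256"]]

def demo():
    work = tempfile.mkdtemp()  # constructed sample input, not real log data
    log = os.path.join(work, "auth.log")
    with open(log, "w") as f:
        f.write("constructed sample: Failed password for root from 192.0.2.10\n")
    ev = os.path.join(work, "evidence")
    collect_evidence([log], ev, collector="analyst1")
    clean = verify_evidence(ev)  # nothing changed yet
    with open(os.path.join(ev, "0000_auth.log"), "a") as f:
        f.write("edited after collection\n")  # simulate later tampering
    return clean, verify_evidence(ev)
```

The manifest itself should be stored or signed separately from the evidence folder, since anyone who can edit both can make them agree.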
CISSP online training and certification in information security is a necessity for enterprises and organizations concerned about their proprietary and sensitive information. Security risk management, business continuity and disaster recovery, access control, cryptography, telecommunications, network security, and more should be provided in a strong, quality training format designed to combat the growing information threat. training includes the above issues and other important security topics in their information security certification training.
