New kids on the block: Meet e-CSIRT!
There is a saying in information security: "The question is not if you get attacked, it is when…" In the daily news we can read how one company or another has fallen victim to a cyber-attack. It is easy to think that this will not happen to us. Unfortunately, that's not true. What should you do when the worst has happened? The first hours and days are critically important. If you are responsible for IT security, the question you should ask yourself is this: is our team experienced enough to handle the consequences of an attack? If yes, that is great; if not, it is wise to reach out for extra help.
At CYBERS we have developed a new service for situations like these. eCSIRT (Emergency Computer Security Incident Response Team) is a group of specialists who work on solving these types of problems. They will join forces with your organization and bring skills, knowledge, tools, and experience to the table to solve the incident. During the response we investigate how the attackers got into the network, what their goals were and what kind of access they possess. The first step is to collect data and store it for future investigations. From the analysis we can understand the urgency, scope and impact of the case and what the possible attack scenario could be. We also gather information about the customer's systems and infrastructure. This is used as input for a plan to minimize the impact of the incident.
Sharing a few pointers.
Here are a few pointers if you find yourself and your organization in the middle of an attack. First, block external connections and isolate infected systems. Domain administrator accounts need to be closed and new ones created. Also, Kerberos tickets need to be rotated together with privileged account passwords. It is important to find accounts that were created by malicious actors. Apply all missing security updates and monitor the activity of privileged users. It is also important that the police and the local CERT are notified.
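One way to start the search for attacker-created accounts mentioned above, shown as an added example that is not CYBERS' own tooling: it lists accounts created inside a suspected intrusion window, who created them, and whether they were then added to a privileged group. The event records, account names, dates and function names are constructed for illustration; the event IDs are the standard Windows Security ones.

```python
from datetime import datetime

# Constructed sample of exported Windows Security events (not real data).
# 4720 = user account created; 4728/4732/4756 = member added to a
# security-enabled global/local/universal group.
EVENTS = [
    {"time": "2024-03-01T09:12:00", "id": 4720, "actor": "hr-provision", "target": "j.tamm"},
    {"time": "2024-03-09T02:41:00", "id": 4720, "actor": "svc-backup", "target": "helpdesk2"},
    {"time": "2024-03-09T02:43:00", "id": 4728, "actor": "svc-backup", "target": "helpdesk2",
     "group": "Domain Admins"},
    {"time": "2024-03-09T03:05:00", "id": 4720, "actor": "helpdesk2", "target": "sql-maint"},
    {"time": "2024-03-10T11:30:00", "id": 4732, "actor": "it-admin", "target": "j.tamm",
     "group": "Remote Desktop Users"},
]
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
GROUP_ADD_IDS = {4728, 4732, 4756}

def suspicious_accounts(events, window_start, window_end, privileged=PRIVILEGED_GROUPS):
    """Accounts created inside the suspected intrusion window, with their
    creator and any privileged groups they were added to in that window."""
    start = datetime.fromisoformat(window_start)
    end = datetime.fromisoformat(window_end)
    found = {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        if not (start <= datetime.fromisoformat(ev["time"]) <= end):
            continue
        if ev["id"] == 4720:
            found[ev["target"]] = {
                "created": ev["time"],
                "created_by": ev["actor"],
                # The creator is itself an account born inside the window.
                "created_by_suspect": ev["actor"] in found,
                "privileged_groups": [],
            }
        elif ev["id"] in GROUP_ADD_IDS and ev["target"] in found \
                and ev.get("group") in privileged:
            found[ev["target"]]["privileged_groups"].append(ev["group"])
    return found

def review_order(found):
    """Accounts holding privileged membership first, then by creation time."""
    return sorted(found, key=lambda a: (not found[a]["privileged_groups"], found[a]["created"]))

if __name__ == "__main__":
    hits = suspicious_accounts(EVENTS, "2024-03-09T00:00:00", "2024-03-09T23:59:59")
    for name in review_order(hits):
        print(name, hits[name])
```

Every account it returns still needs a human check against change records, since legitimate provisioning can fall inside the same window.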
How to handle cyber incidents?
The best way to handle cyber incidents is to prevent them. Investing in cybersecurity is always more affordable than handling the consequences. How much does one cyberattack cost? Attackers do their homework and are aware of how much money your company makes. Ransomware attackers usually price their demands at 5% of your annual recurring revenue. Considering the possible reputation damage and downtime, the real cost is even greater. Taking 2-3% of your revenue and investing it in cybersecurity can prevent these costly situations in the future.