New kids on the block: Meet e-CSIRT!

CYBERS 30.09.2021

There is a saying in information security: "The question is not if you get attacked, it is when…" In the daily news we can read how one company or another has fallen victim to a cyber-attack. It is easy to think that this will not happen to us. Unfortunately, that's not true. What should you do when the worst has happened? The first hours and days are critical. If you are responsible for IT security, the question to ask yourself is this: is our team experienced enough to handle the consequences of an attack? If yes, that is great; if not, it is wise to reach out for extra help.

 

What’s next?

At CYBERS we have developed a new service for situations like these. eCSIRT – Emergency Computer Security Incident Response Team is a group of specialists who work on solving these types of problems. They will join forces with your organization and bring skills, knowledge, tools, and experience to the table to solve the incident. During the response, we investigate how the attackers got into the network, what their goals were, and what kind of access they possess. The first step is to collect data and store it for future investigations. From the analysis, we can understand the urgency, scope, and impact of the case and what the possible attack scenario could be. Information gathering is needed to learn about the customer's systems and infrastructure. This is used as input for a plan to minimize the impact of the incident.

 

Sharing a few pointers

Here are a few pointers if you find yourself and your organization in the middle of an attack. First, block external connections and isolate infected systems. Domain administrator accounts need to be closed and new ones created. Also, Kerberos tickets need to be rotated together with privileged account passwords. It is important to find accounts that were created by malicious actors. Apply all missing security updates and monitor the activity of privileged users. It is also important that the police and the local CERT are notified.
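As an added example (not CYBERS tooling), one way to approach the pointer about finding attacker-created accounts is to filter exported Windows Security events for account creation (4720) and privileged group additions (4728, 4732, 4756) inside the incident window. The record layout, the sample events and the list of privileged groups are assumptions constructed for illustration.

```python
from datetime import datetime

ACCOUNT_CREATED = 4720                    # a user account was created
GROUP_MEMBER_ADDED = {4728, 4732, 4756}   # member added to a global / local / universal security group
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}  # assumed list, adapt it

# Constructed sample records (assumed shape: JSON export of Security log events).
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2021-09-12T08:15:00+00:00",
     "SubjectUserName": "hr-provision", "TargetUserName": "j.tamm"},
    {"EventID": 4720, "TimeCreated": "2021-09-28T02:41:07+00:00",
     "SubjectUserName": "adm-old", "TargetUserName": "svc_backup2"},
    {"EventID": 4728, "TimeCreated": "2021-09-28T02:43:30+00:00",
     "SubjectUserName": "adm-old", "TargetUserName": "Domain Admins",
     "MemberName": "CN=svc_backup2,CN=Users,DC=example,DC=test"},
    {"EventID": 4732, "TimeCreated": "2021-09-28T03:02:11+00:00",
     "SubjectUserName": "adm-old", "TargetUserName": "VPN Users",
     "MemberName": "CN=p.kask,CN=Users,DC=example,DC=test"},
]

def member_cn(distinguished_name):
    """Return the first RDN value of a DN such as 'CN=user,CN=Users,DC=...'."""
    first_rdn = distinguished_name.split(",", 1)[0]
    return first_rdn.split("=", 1)[-1]

def review_window(events, start, end):
    """List accounts created and privileged-group additions inside [start, end]."""
    created, privileged = [], []
    for ev in events:
        when = datetime.fromisoformat(ev["TimeCreated"])
        if not start <= when <= end:
            continue
        if ev["EventID"] == ACCOUNT_CREATED:
            # For 4720, TargetUserName is the new account, SubjectUserName the creator.
            created.append((ev["TargetUserName"], ev["SubjectUserName"]))
        elif (ev["EventID"] in GROUP_MEMBER_ADDED
              and ev["TargetUserName"].lower() in PRIVILEGED_GROUPS):
            # For group-add events, TargetUserName is the group, MemberName the added DN.
            privileged.append((member_cn(ev.get("MemberName", "-")),
                               ev["TargetUserName"], ev["SubjectUserName"]))
    return {"created": created, "privileged_additions": privileged}

if __name__ == "__main__":
    window = (datetime.fromisoformat("2021-09-27T00:00:00+00:00"),
              datetime.fromisoformat("2021-09-30T00:00:00+00:00"))
    for kind, rows in review_window(SAMPLE_EVENTS, *window).items():
        for row in rows:
            print(kind, *row)
```

Every account it lists still needs to be checked against provisioning records, since legitimate accounts created during the window will appear as well.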

 

How to handle cyber incidents?

The best way to handle cyber incidents is to prevent them. Investing in cybersecurity is always more affordable than handling the consequences. How much does one cyberattack cost? Attackers do their homework and are aware of how much money your company makes. Ransomware attackers usually price their demands at 5% of your annual recurring revenue. Considering the possible reputation damage and downtime, the real cost is even greater. Taking 2-3% of your revenue and investing it in cybersecurity can prevent these costly situations in the future.
