New kids on the block: Meet e-CSIRT!

CYBERS 30.09.2021

There is a saying in information security: "The question is not if you get attacked, it is when…" In the daily news we can read how one company or another has fallen victim to a cyber-attack. It is easy to think that this will not happen to us. Unfortunately, that's not true. What should you do when the worst has happened? The first hours and days are critically important. If you are responsible for IT security, the question to ask yourself is this: is our team experienced enough to handle the consequences of an attack? If yes, that is great. If not, it is wise to reach out for extra help.

What’s next?

At CYBERS we have developed a new service for situations like these. eCSIRT (Emergency Computer Security Incident Response Team) is a group of specialists who work on solving these types of problems. They will join forces with your organization and bring skills, knowledge, tools, and experience to the table to solve the incident. During the response, we investigate how the attackers got into the network, what their goals were, and what kind of access they possess. The first step is to collect data and store it for future investigations. From the analysis, we can understand the urgency, scope, and impact of the case and what the possible attack scenario could be. Information gathering is needed to learn about the customer's systems and infrastructure. This is used as input for a plan to minimize the impact of the incident.

Sharing a few pointers

Here are a few pointers if you find yourself and your organization in the middle of an attack. First, block external connections and isolate infected systems. Domain administrator accounts need to be closed and new ones created. Kerberos tickets also need to be rotated, together with privileged account passwords. It is important to find accounts that were created by malicious actors. Apply all missing security updates and monitor the activity of privileged users. It is also important to notify the police and your local CERT.

How to handle cyber incidents?

The best way to handle cyber incidents is to prevent them. Investing in cybersecurity is always more affordable than handling the consequences. How much does one cyberattack cost? Attackers do their homework and are aware of how much money your company makes. Ransomware attackers usually price their demands at 5% of your annual recurring revenue. Considering the possible reputation damage and downtime, the real cost is even greater. Taking 2-3% of your revenue and investing it in cybersecurity can prevent these costly situations in the future.
