Respond Overview
A cyber attack can be fatal for any business. It is not just the big corporations that should be concerned. In fact, small and medium-sized businesses are the most likely to face an attack, and the consequences are dire for these entities.
Up to 60 percent of small to medium-sized businesses are forced to shut down permanently after a data breach. That is why every organization should have a response plan in place in case of a breach or attack.
Incident Response
There is no doubt that your company should be vigilantly trying to protect against would-be attacks, but even if you are doing everything you can to prevent an attack, you still need to be prepared if your network is breached. Just one misstep by an employee could expose your entire network.
On average, 56 percent of companies that are breached do not discover the breach for months, and companies that suffer an attack, such as a ransomware attack, will on average be down for at least two weeks.
Incident response planning should start with a cyber risk and resilience review. Knowing where you are most vulnerable makes it easier to identify a breach when it happens. You then want to create a playbook of protocols and procedures for quickly addressing the fallout of a breach. This can include automatic data backups and automated responses that purge infected systems, quarantine parts of your network that may be compromised, and restore your network to a safe state.
Business Continuity
There are countless ways that a network can be attacked. You may not need to know every possible attack vector (you should leave that to your vCISO), but you should be aware of the most popular and effective attack types.
- Phishing – These types of attacks involve sending a fraudulent communication that tricks the receiver into giving up sensitive material. Often these come in the form of an email that asks for protected information such as passwords, redirects the person to a malware site, or has the receiver download malware to their computer. While these attacks are relatively unsophisticated, they work surprisingly well and often.
- Distributed Denial of Service Attack (DDoS) – Hackers use DDoS attacks to shut down networks. The way these attacks work is through use of a bot network of infected computers that overloads a network with a flood of fake requests. This makes it so that legitimate requests to the server cannot get through.
- Malware – Malicious software can get onto your computer systems through bad links or downloading infected attachments. This software is often used to steal sensitive data.
- SQL Injection – Structured Query Language (SQL) has widespread use for maintaining databases. SQL injection involves an attacker inserting code into an SQL server that makes it reveal information contained in the database, destroy data, or spoof an identity.
Digital Forensics
If we’ve learned anything from crime shows on television, it’s that there are always traces left behind after a crime has been committed. In the digital landscape, this is true as well. A cyber criminal will leave behind some traces of how they got in and out. Digital forensics is a matter of looking through the electronic data available and making an interpretation based on the evidence of what may have occurred.
The digital forensics process generally involves imaging of breached data, analysis of the data and a report of the findings. That process can include recovering deleted files and extracting registry information to see who accessed the data and when.
For instance, imagine your company is breached and data is stolen during the weekend. Where would you start? The process could be as simple as reviewing your registry data to see who accessed your network before the breach occurred. You may then find that the login information for an employee was used to access your server remotely. An analysis of that employee's whereabouts at the time of the breach and his email history may reveal he was the victim of a phishing attack and his credentials were stolen. Digital forensics is just about following the clues, but you have to know what to look for.
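The weekend scenario above can be turned into a first triage pass over exported login records. The following is an added example, not part of the original page; the record format, account names and addresses are constructed assumptions, and the function names are hypothetical.

```python
from datetime import datetime
from ipaddress import ip_address

# Constructed sample export (assumed format): timestamp,account,source_ip,logon_type,result
SAMPLE_LOG = """\
2024-03-07T20:15:00,akhan,198.51.100.14,remote,success
2024-03-08T09:12:44,jsmith,10.0.4.21,interactive,success
2024-03-08T17:48:02,jsmith,10.0.4.21,interactive,success
2024-03-09T02:13:10,jsmith,203.0.113.57,remote,failure
2024-03-09T02:13:39,jsmith,203.0.113.57,remote,success
2024-03-09T11:05:00,backup-svc,10.0.9.5,service,success
2024-03-10T23:40:18,akhan,198.51.100.14,remote,success
2024-03-11T08:58:31,akhan,10.0.4.37,interactive,success
malformed line without enough fields
"""
WINDOW_START = datetime(2024, 3, 9)   # Saturday 00:00 (constructed breach window)
WINDOW_END = datetime(2024, 3, 11)    # Monday 00:00, exclusive

def parse_records(text):
    """Parse the assumed five-field lines, skipping anything malformed."""
    records = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
            ip_address(parts[2])  # reject records with an invalid source address
        except ValueError:
            continue
        records.append({"time": when, "account": parts[1], "ip": parts[2],
                        "type": parts[3], "result": parts[4]})
    return sorted(records, key=lambda r: r["time"])

def triage_window(records, start, end):
    """Successful remote logons in [start, end), with context for the analyst."""
    findings = []
    for rec in records:
        if not (start <= rec["time"] < end):
            continue
        if rec["type"] != "remote" or rec["result"] != "success":
            continue
        earlier = [r for r in records
                   if r["account"] == rec["account"] and r["time"] < rec["time"]]
        known = {r["ip"] for r in earlier if r["result"] == "success"}
        failures = sum(1 for r in earlier
                       if r["ip"] == rec["ip"] and r["result"] == "failure")
        findings.append({"account": rec["account"], "time": rec["time"],
                         "ip": rec["ip"], "new_source": rec["ip"] not in known,
                         "prior_failures": failures})
    return findings

if __name__ == "__main__":
    for f in triage_window(parse_records(SAMPLE_LOG), WINDOW_START, WINDOW_END):
        print(f["time"].isoformat(), f["account"], f["ip"],
              "NEW SOURCE" if f["new_source"] else "known source",
              f"prior failures: {f['prior_failures']}")
```

A remote logon from an address the account has never used before is the lead to follow up against the employee's whereabouts and email history, as described above.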
The Alliant Cybersecurity Advantage
The worst thing you can do after you suffer a cyber attack is to not have a plan. Alliant Cybersecurity and our experts will not only analyze your network to identify vulnerabilities and help you defend against attacks, but our response planning will also make sure you are prepared if the worst happens.
Reach out to us today for a complimentary review.