With the increase of security breaches and network intrusions, dealing with network security has become more challenging than ever before. There are many IT support companies out there who are ready to help businesses get a grasp on these issues. But first, it is important know how to deal with these issues in the best possible way to minimize damage and complicacies.
It is always a good idea to have clear plans when it comes to cyber incidents such as breaches or attacks. To help you get started, here is an article by Steven Chabinsky that talks about the mistakes you can avoid to make your process smooth:
5 Common Mistakes to Avoid in Cyber Incident Response
Network intrusions have become a fact of corporate life. A breach can not only be damaging to a brand’s reputation, but is increasingly factored in as one of the many costs of doing business. The impact of a breach depends upon a number of factors, including what assets are at stake and how quickly the breach is detected, contained, and remediated. Here are some mistakes that if prevented, companies can recover faster and more effectively after an incident.
With the average cost of a data breach totaling $3.8 million, you would expect companies to focus on the proactive detection of threats. Unfortunately, in today’s business world many struggle to efficiently and effectively detect intrusions, assess the extent of the compromise and engage the right level of assistance to remediate the problem. This had led to significant delays in breach detection and a rising remediation costs.
In particular, many businesses lack the necessary tools to perform proactive detection. A tendency to rely on internal personnel to fight fires without the necessary automation and managed response also compounds the challenge. Whether it’s a call to outside legal counsel, a computer incident response firm, a public relations/crisis management company, or all three, potential engagements should be pre-arranged. Contracts should be signed and ready to go, costing your company nothing unless and until you use them, but allowing for quick deployment.
Communicating with the hackers
Many companies that have been breached still use their internal systems to communicate about the incident. Whether it’s documenting a company’s incident response efforts and findings, or emailing others to enlist their help, using compromised systems as a method of communication is a bad idea. After all, unless hackers are removed, they could very well be reading those communications. If all-employee emails relating to an incident are required, such as to change passwords, businesses should consider them as routine IT requests until they are confident the hackers are out.
Pulling the Plug
For many, the first reaction upon spotting a hacker on the network is to pull the computer plug straight out of the wall. Yet, removing the power from a computer not only results in lost volatile memory, (much of which can be critical to a forensic investigation, and should be imaged), but may also lead the intruder to establish other points of entry. Action must be taken immediately to isolate key assets. Businesses should consider limiting remote connectivity or perhaps taking some systems offline. For those systems that continue to allow external network access, it is important to closely monitor Internet entry points to identify hacker activity in outbound network traffic.
Click to read more…
The smart move to deal with unexpected incidents and security breaches is to have predefined plans to deal with them as fast and as effectively as possible. Now that you have a better understanding of how to designing your strategies