The Sunday Times Sri Lanka

Security features on internal networks alone insufficient to protect your company from a hack (in)? – Special Report

The risk of theft or data compromise continues to increase. Most of us know that there is no such thing as 100 per cent security. Unfortunately, it’s only a matter of time until a security incident occurs. When an incident occurs, it’s common to observe frantic running around and people improvising action plans. Often, the IT departments clean the computer system after a cyber incident without assessing the impact, including whether confidential information has been stolen or compromised. The lack of preparation can lead to disaster, as bad decisions are made under pressure. Hence, it is necessary to have an incident response plan in place that is tailored to your organisation’s business environment to minimise disruption or losses to business operations in the event of an incident.

Sujit Christy

This is a vast topic, but here are a few tips for you to consider in your incident response plan. I hope you will never have to use them, but the odds are at some point you will. No one wants to have a security incident and I hope being ready saves you from all the inconvenience and stress.

According to the CERT Coordination Centre, a security incident is defined as: a violation of an explicit or implied security policy; an attempt to gain unauthorised access; an unwanted denial of resources; an unauthorised use of electronic resources; or a modification without the owner’s knowledge, instruction, or consent.

Common security incidents
These security incidents usually fall into one or more of the following common scenarios:

  • Inside jobs; an employee or contractor working in an organisation may exploit his/her position to hack the organisation’s computers or otherwise compromise its IT systems including denial of service.
  • Social engineering; this is a low-tech or non-technical hacking technique used to persuade people to compromise security procedures and disclose confidential and sensitive information.
  • Malware; this is most prevalent in exploiting vulnerabilities in networks and computer systems. Hackers usually induce employees into opening infected e-mails, where the malware is designed to steal confidential information such as passwords, credit card numbers and bank account numbers, or to cause denial of service.
  • Extortion and blackmail; an organisation may receive threats from hackers claiming to have hacked its website or computer systems offering to return stolen confidential information in exchange for money or property. In some cases, unavailability of data leads to denial of service.

Threat assessments
As a first step, organisations should conduct a threat assessment to determine whether their computer systems have been attacked and, if so, how it was accomplished. Then the organisations should do the following:

  • Determine the feasibility of restoring critical systems where a denial of service attack affects critical infrastructure. This includes assessing whether restoring service will negatively affect collecting evidence in the investigation.
  • Determine whether the extortionist has done what he/she claims by isolating areas that may be affected to determine if they have been compromised.
  • Document all aspects of the investigation and secure and preserve all evidence, including logs of critical system events.
  • Classify incidents and determine the severity level. The severity level of the incident should dictate the course of action to be taken to resolve the incident.

Once the systems are restored, the response team should determine what cyber security management improvements are needed to prevent similar incidents from re-occurring and/or whether the cyber incident response plan should be improved.
All details related to the incident response process should be documented and filed for easy reference. This provides valuable information to unravel the course of events and can serve as evidence if prosecution of intruders is necessary.

Know why you are targeted
As an individual, knowing why you are a target can also sometimes help you understand how you were breached. If it was your bank account, it is your money. In the case of an e-mail hack, it is to send spam, request money from your contacts, reset passwords on other services or even try to gain access to your business. In order to recover your email, or other services that use the same or similar password, reset your password by answering a secret question or by sending the password reset details to the secondary email address associated with your compromised account. It is also possible to reset your password using your mobile number, if it has been previously configured. You should change your passwords periodically and avoid reusing passwords or using schemes that result in similar passwords such as password123, password124, etc.

In today’s fast-moving technological world, having security features on internal networks is no longer sufficient to protect or shield your company from intrusion attempts, either internal or external. Therefore, it is essential for your organisation to have a well-defined and systematic procedure to respond to security-related incidents. This ensures you are adequately prepared to respond and recover from incidents that may potentially disrupt critical business processes.

The writer is a Governance, Risk and Compliance professional and Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He is the founding member and President of the (ISC)2 Chennai Chapter, Founder/President of Information Security Professional Associates (iSPA) and a board member of the (ISC)2 Colombo Chapter. He can be emailed at sujit@layers-7.com.
