5 Steps for Protecting Your Organization Using Cyber Security
In 2013 and the months that followed, massive attacks on companies such as Yahoo, Target, and Michaels had a significant impact on the IT security industry. Before these brand-crushing incidents, terms like "data breach" and "hackers" were rarely front-page news. IT security experts now predict that in 2014 and 2015 more organizations will fall victim to similar cyber attacks. The asymmetry is the problem: attackers can spend all of their time scanning the Internet for vulnerabilities they can exploit, while companies must divide their time and resources between running the business and finding and eliminating those same vulnerabilities.
Steps To Improve Your Company’s Response Strategy And Prepare For These Attacks
Detect and identify malicious situations within your organization
First: Once your IT security team has identified and validated a malicious attack on your network, it needs to act quickly. The first line of defense is a cross-functional team (security, IT operations, legal, communications, and management) that handles and oversees the response process; ideally this team and its playbook exist before the incident, because assembling one under pressure costs time you do not have. Next, locate "patient zero" (the first system the attacker compromised) and every other device the attack has reached. Finally, analyze the malware to determine how it got in, whether it has exfiltrated any data, and how it is behaving on your network.
After identifying the problem, determine whether to contain it or remove it
Second: Once your security team has established the severity, extent, and nature of the attack, it must decide whether the malware can be contained in place or has to be removed immediately. Either way, the goal is to stop it from spreading. To accomplish this, disable the functions the malware abuses, determine its entry point, revoke the compromised user accounts and logins, and block the malware's network traffic so it can do no further damage. Before you power off or reimage a host, capture any volatile evidence you still need (for example a memory image), because it is lost on shutdown.
Remove malware and recover your systems
Third: Your security team must identify every infected host on the network, kill the active malware processes, and take all necessary precautions to remove the threat and recover the network. Remove all backdoors, malicious programs, and files the attacker created, but preserve copies of them (hashed and stored off the affected systems) so the nature of the malware and how it entered the network can be investigated. Triage the sensitive data the attacker touched so you know which files are still trustworthy and which must be treated as exposed. Then have your team check all associated network systems, fix vulnerabilities, apply patches, and correct misconfigurations to prevent a repeat. Disconnect every infected host from the network, examine it with forensic tooling, perform a damage assessment, and restore affected files from known-good backups or rebuild the host from a trusted image rather than trusting a cleanup of the live system.
Take a proactive stand to prevent a variant of the attack on your network
Fourth: Protect your company by having your IT security team sweep the environment for indicators of compromise (IOCs): the file hashes, domains, IP addresses, and other artifacts associated with the attack. Your team should keep collecting data, look for malware signatures, and use behavioral detection alongside those signatures, because a variant that changes its hash or its command-and-control domain still has to behave the same way on the host. Stay up to date on the latest countermeasures. Continue to educate your employees about network threats, and make it easy for them to report suspicious emails and attachments to the IT security department.
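The following is an added example, not code from the original article, illustrating both the "patient zero" and infected-host identification from the first step and the IOC sweep with behavioral detection from the fourth. It runs over a handful of constructed proxy, process, and file-hash log lines; the hosts, hashes, domains, and log format are all assumptions made for the example, and the hash and domain IOCs are placeholders, not real indicators.

```python
"""Hypothetical IOC sweep and patient-zero triage over constructed logs.

Added example for this article, not the author's code. Every host name,
hash, domain and log line here is constructed for illustration.
"""
from datetime import datetime

# Constructed IOCs for a hypothetical campaign (assumed, not real indicators).
IOC_HASHES = {"aa11bb22cc33dd44ee55ff6677889900aa11bb22cc33dd44ee55ff6677889900"}
IOC_DOMAINS = {"update-check.example.net"}

# Behavioral rule: an Office application spawning a shell is rarely legitimate,
# and it keeps firing when a variant swaps in a new hash or C2 domain.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed log lines: "<ISO timestamp> <host> <event type> <detail>".
# "proc" details are written as "<parent>><child>".
SAMPLE_LOGS = """\
2014-03-02T08:14:05 ws-017 dns update-check.example.net
2014-03-02T08:14:06 ws-017 proc WINWORD.EXE>powershell.exe
2014-03-02T09:02:11 ws-042 dns update-check.example.net
2014-03-02T09:40:00 ws-042 file aa11bb22cc33dd44ee55ff6677889900aa11bb22cc33dd44ee55ff6677889900
2014-03-02T10:05:33 srv-db1 dns crl.example.org
2014-03-03T07:55:12 ws-088 proc EXCEL.EXE>cmd.exe
2014-03-03T08:00:00 ws-088 dns update-check.example.net
2014-03-03T08:30:00 ws-101 proc explorer.exe>cmd.exe
"""


def parse_logs(text):
    """Parse the constructed log format into (timestamp, host, kind, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, detail = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), host, kind, detail))
    return events


def classify(event):
    """Return the reasons one event is suspicious (empty list if none).

    Signature matching (hash and domain IOCs) is combined with the behavioral
    rule above, so a variant using a fresh C2 domain but the same
    macro-to-shell technique still trips the behavioral check.
    """
    _, _, kind, detail = event
    reasons = []
    if kind == "dns" and detail.lower() in IOC_DOMAINS:
        reasons.append("ioc-domain:" + detail)
    elif kind == "file" and detail.lower() in IOC_HASHES:
        reasons.append("ioc-hash:" + detail[:12])
    elif kind == "proc" and ">" in detail:
        parent, child = (p.lower() for p in detail.split(">", 1))
        if parent in OFFICE_PARENTS and child in SHELL_CHILDREN:
            reasons.append("behavior:office-spawned-shell:" + detail)
    return reasons


def sweep(events):
    """Map each host to its first suspicious timestamp and every reason seen."""
    hits = {}
    for event in sorted(events, key=lambda e: e[0]):
        reasons = classify(event)
        if not reasons:
            continue
        ts, host = event[0], event[1]
        entry = hits.setdefault(host, {"first_seen": ts, "reasons": []})
        entry["reasons"].extend(reasons)
    return hits


def infected_hosts(hits):
    """Every host with at least one suspicious event, sorted by name."""
    return sorted(hits)


def patient_zero(hits):
    """Host with the earliest suspicious event: the likely point of entry."""
    if not hits:
        return None
    return min(hits, key=lambda h: hits[h]["first_seen"])


if __name__ == "__main__":
    hits = sweep(parse_logs(SAMPLE_LOGS))
    print("patient zero:", patient_zero(hits))
    for host in infected_hosts(hits):
        print(host, hits[host]["first_seen"].isoformat(), hits[host]["reasons"])
```

Run against the constructed sample, the sweep flags ws-017, ws-042, and ws-088 and names ws-017 as patient zero; srv-db1 (a benign CRL lookup) and ws-101 (explorer.exe launching cmd.exe, which is normal) are left alone. In a real environment the log source would be your proxy, DNS, and endpoint telemetry, and "earliest hit" is only a starting hypothesis for patient zero, to be confirmed by forensic examination of that host.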
Don’t let the hacker know you have discovered their attack on your network
Fifth: Once the attack has been identified, your security team must not coordinate the response over the compromised systems (email, chat, or ticketing on the affected network) until an out-of-band channel has been established, because the attacker may be reading that traffic. Do not attempt to hack back (unauthorized access is unlawful in most jurisdictions, whatever the provocation), and do not upload samples to public analysis services or post about the incident in public forums while containment is under way, since attackers watch those sources for their own artifacts; reporting privately to law enforcement or your national CERT is a different matter. Once attackers know they have been detected, they can switch techniques or go quiet while your team is busy containing the first attack. Never supply the attacker with information they can use to adapt their methods against your network.