ESET: 5 steps for companies hit by a cyber-attack

ESET: As modern business is increasingly based on digital technology and cybercrime is constantly on the rise, protecting corporate data is all the more important.

Denise Giusto Bilic, Security Researcher at ESET, advises companies and organizations that have been attacked to take five key steps to protect their important resources.

Step 1: Determine the range of infection.

Companies that have been attacked usually rely on intuition to assess the situation rather than on an analysis of the problem. If the company has invested in developing robust Emergency Management Systems, it can quickly gather data that leads to credible assessments and answers the first important questions: which systems have been violated, and in what way? Is the infection confined to only one part of the network? Has data been leaked? Is it corporate data, or personal data about employees and/or clients?

Step 2: Ensure business continuity.

In case of a leak of information that may put employees or customers at risk, the first requirement is to inform and warn them. If the company has taken care of the security of its files and already has an action plan, it can immediately return to the normal pace of serving its customers.

Step 3: Limit the infection.

First, the systems and/or the part of the network that has been breached should be isolated. If the communications used for the attack are found to be encrypted, the keys should be recovered with the help of reverse engineering techniques; if the communication is carried over unencrypted protocols such as HTTP, detecting the commands used by the attacker will be easier. In both cases, the goal is to create firewall rules that quickly establish a first line of defense. Whether the company has invested in proactive threat detection mechanisms and uses a comprehensive security solution will determine its ability to respond in this critical phase.
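An added example (not part of the original article or of ESET's guidance) that ties Step 1 and Step 3 together: it scans plaintext HTTP proxy logs for requests to a known attacker hostname, lists the internal clients involved, and drafts firewall rules for containment. The log layout, the hostname `c2.example.net`, all addresses and the function name are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log; the field layout is an assumption for this example:
# timestamp client_ip method url dest_ip status
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.0.1.15 GET http://updates.example.com/check 198.51.100.7 200
2024-01-10T09:00:05Z 10.0.1.22 POST http://c2.example.net/gate.php 203.0.113.50 200
2024-01-10T09:01:05Z 10.0.1.22 POST http://C2.example.net/gate.php 203.0.113.50 200
2024-01-10T09:02:11Z 10.0.2.8 GET http://c2.example.net/tasks 203.0.113.51 200
truncated or malformed line
2024-01-10T09:03:00Z 10.0.1.15 GET http://intranet.example.com/ 10.0.0.5 200
"""

# Hypothetical attacker hostname, assumed known from analysis of the malware.
BAD_HOSTS = {"c2.example.net"}

def scope_and_contain(log_text, bad_hosts):
    """Return (client -> hit count, attacker IPs, draft iptables rules)."""
    hits = Counter()   # Step 1: which internal hosts talked to the attacker
    dests = set()      # Step 3: which external addresses to block
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue   # skip lines that do not match the assumed layout
        _, client, _, url, dest, _ = fields
        try:
            client_ip = ipaddress.IPv4Address(client)
            dest_ip = ipaddress.IPv4Address(dest)
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            continue   # skip unparsable addresses or URLs
        if host in bad_hosts:
            hits[client_ip] += 1
            dests.add(dest_ip)
    dest_list = [str(ip) for ip in sorted(dests)]
    client_list = [str(ip) for ip in sorted(hits)]
    # Block traffic to the attacker first, then quarantine affected clients.
    rules = [f"iptables -I FORWARD -d {ip} -j DROP" for ip in dest_list]
    rules += [f"iptables -I FORWARD -s {ip} -j DROP" for ip in client_list]
    return {str(ip): n for ip, n in hits.items()}, dest_list, rules

if __name__ == "__main__":
    scope, attacker_ips, rules = scope_and_contain(SAMPLE_LOG, BAD_HOSTS)
    print("Clients in scope:", scope)
    print("\n".join(rules))
```

The rules are drafts for review before they are applied; blocking a client's forwarded traffic also cuts off its legitimate services.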

Step 4: Eliminate infection and attack.

Removing malicious code is a complex process. The first stage involves analyzing the code in detail to understand how it works, something antivirus solutions do automatically, saving valuable time in the response process. It is important to remove any malicious remnants, close the vulnerable point through which the attack was made, strengthen the analysis of the packets transmitted over the network, revise the firewall settings, change corporate passwords and update the keys. At this point, it is worth determining whether the infection was the result of simple carelessness or part of a targeted series of attacks.

Step 5: Learn from any errors.

An in-depth investigation of what happened may be a reason to improve the company's internal processes. Removing vulnerabilities whose existence was previously unknown is an opportunity to identify other vulnerabilities and strengthen defenses. There will also be elements of the system design that need to be strengthened, and the weak points discovered in the current defenses can be used to design stronger ones.

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris