ESET: 5 steps for companies hit by a cyber-attack

As modern business is increasingly based on digital technology, and cybercrime is constantly on the rise, corporate data protection is all the more important.

Denise Giusto Bilic, Security Researcher at ESET, advises companies and organizations that have been attacked to take five key steps in order to protect their important resources.

Step 1: Determine the scope.

Companies that have fallen victim usually rely on their intuition to assess the situation, rather than on an analytical examination of the problem. If the company has invested in developing strong emergency incident management systems, it can quickly gather the evidence that leads to sound assessments and answer the first important questions: Which systems have been breached, and how? Is the infection limited to a single part of the network? Has data been leaked? Are we talking about corporate data or personal data about employees and/or customers?

Step 2: Ensure business continuity.

If information has leaked that is likely to endanger employees or customers, they must in principle be informed and warned. If the company has backed up its records and already has an action plan, it can immediately return to its normal rate of customer service.

Step 3: Limit the infection.

Initially, the equipment and/or the part of the network that has been compromised should be isolated. If the communications used for the attack are found to be encrypted, the keys should be located with the help of reverse engineering techniques, while if the communication takes place over unencrypted protocols such as HTTP, detecting the commands used by the attacker will be easier. In both cases, the goal is to create firewall rules that quickly establish a first line of defense. Whether the company has invested in preventive detection and threat detection mechanisms, and whether it uses an integrated security solution, will determine its ability to respond in this critical phase.

Step 4: Eliminate infection and attack.

Removing malicious code is a complex process. The first stage includes the detailed analysis of the code in order to understand how it works, something that antivirus solutions do automatically, saving valuable time in the response process. It is important to remove any malicious remnants and eliminate the vulnerability through which the attack took place, to strengthen the analysis of packets transmitted over the network, to review the firewall settings, to change the passwords on corporate networks and to update the keys. At this point, it is worth determining whether the infection was the result of simple carelessness or part of a targeted series of attacks.

Step 5: Learn from any .

A thorough investigation of what happened can be an opportunity to improve procedures within the company. Removing any vulnerabilities whose existence was previously unknown is an opportunity to identify other points and strengthen the defense. It will also show which elements of the system design need to be strengthened, and reveal the weak points in the current defense so that a stronger one can be designed.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
