ESET: As modern business is increasingly based on digital technology, and cybercrime is constantly on the increase, corporate data protection is all the more important.
Denise Giusto Bilic, Security Researcher at ESET, advises companies and organizations that have been attacked to take five key steps to protect their important resources.
Step 1: Determine the range of infection.
Companies that have been attacked usually rely on their intuition to assess the situation, rather than on an analytical examination of the problem. If the company has invested in developing strong emergency management systems, it can quickly gather the evidence that leads to sound assessments and answer the first important questions: which systems have been compromised, and how? Is the infection limited to a single part of the network? Has data been leaked? Are we talking about corporate data or personal data about employees and/or customers?
Step 2: Ensure business continuity.
In the event of a leak of information likely to endanger workers or customers, they must in principle be informed and warned. If the company has backed up its records and already has an action plan, it can immediately return to its normal level of customer service.
Step 3: Limit the infection.
Initially, the equipment and/or the part of the network that has been compromised should be isolated. If the communications used for the attack are found to be encrypted, the keys should be identified with the help of reverse engineering techniques, while if the communication takes place over non-confidential protocols such as HTTP, it will be easier to trace the commands used by the attacker. In both cases, the goal is to create firewall rules to quickly establish a first line of defense. Whether the company has invested in proactive threat detection mechanisms and uses a comprehensive security solution will determine its ability to respond in this critical phase.
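The containment step described above, as an added example that is not part of the original article: it reads proxy log lines, separates destinations contacted only by the hosts identified as compromised from those that clean hosts also use, and builds gateway firewall rules. The log format, the addresses (constructed, from documentation ranges) and the use of iptables on a Linux gateway are assumptions.

```python
import ipaddress

# Constructed proxy log: timestamp, internal source, method, destination IP, path.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 10.0.5.23 GET 203.0.113.10 /gate.php?id=7
2024-01-10T09:00:02Z 10.0.5.40 GET 198.51.100.7 /index.html
2024-01-10T09:05:01Z 10.0.5.23 POST 203.0.113.10 /gate.php
2024-01-10T09:06:11Z 10.0.5.23 GET 198.51.100.7 /index.html
2024-01-10T09:07:30Z 10.0.5.31 GET 203.0.113.44 /update.bin
2024-01-10T09:08:00Z 10.0.5.23 GET not-an-ip /x
"""

def parse_log(text):
    """Return (src, dst) pairs; lines with a malformed address are skipped."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            src = str(ipaddress.ip_address(fields[1]))
            dst = str(ipaddress.ip_address(fields[3]))
        except ValueError:
            continue  # never let unparsed log text reach a firewall command
        pairs.append((src, dst))
    return pairs

def split_destinations(pairs, compromised):
    """Destinations seen only from compromised hosts are block candidates;
    those also used by clean hosts go to manual review first."""
    from_bad = {dst for src, dst in pairs if src in compromised}
    from_clean = {dst for src, dst in pairs if src not in compromised}
    return sorted(from_bad - from_clean), sorted(from_bad & from_clean)

def firewall_rules(compromised, block):
    """iptables commands for the gateway: drop forwarded traffic from the
    isolated hosts, then drop traffic to the block-candidate destinations."""
    rules = [f"iptables -I FORWARD -s {h} -j DROP" for h in sorted(compromised)]
    rules += [f"iptables -I FORWARD -d {d} -j DROP" for d in block]
    return rules

if __name__ == "__main__":
    compromised = {"10.0.5.23", "10.0.5.31"}  # assumed result of Step 1
    block, review = split_destinations(parse_log(SAMPLE_LOG), compromised)
    print("\n".join(firewall_rules(compromised, block)))
    print("review before blocking:", review)
```

Destinations that clean hosts also reach are held for review so that a blanket block does not interrupt normal business traffic.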
Step 4: Eliminate infection and attack.
Removing malicious code is a complicated process. The first stage involves analyzing the code in detail to understand how it works, which antivirus solutions do automatically, saving valuable time in the response process. It is important to remove any malicious remnants, close the vulnerable point through which the attack was made, strengthen the analysis of packets transmitted over the network, revise the firewall settings, change the passwords on corporate networks and update the keys. At this point, it is worth determining whether the infection was the result of simple carelessness or part of a targeted series of attacks.
Step 5: Learn from any errors.
A thorough investigation into what happened can be an occasion to improve processes within the company. Removing any vulnerabilities whose existence was previously unknown is an opportunity to identify other weak points and strengthen defenses. Elements of the system's planning that need to be strengthened will also become apparent, and the weak points in the current defense will be discovered, so that a stronger one can be designed.