2nd Edition

Tracking the trends and news for IT and IT Security

Paul

Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks

apple-touch-icon.png Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks>
ATT Cybersecurity Blog – Alex Vakulov
Lessons learned It may seem that the incident response team’s main task is to restore everything to its previous state, but this is a simplification. The response team is invited for a different purpose. Its tasks are to understand: The attack vector used by the hackers. The specific entry point used to gain unauthorized access to the IT systems. A detailed timeline of how the attack progressed. Identification of potential prevention measures that could have been implemented at different stages. Recommendations for addressing the root cause of the incident to prevent future attacks. The answers help give better recommendations. For example: If the attack started with phishing, it is advised to set up an email sandbox, adjust spam filters, and train employees. If a vulnerability is to blame, changing the update\patch and network monitoring procedures is recommended. How to improve security There are a lot of organizations that have already done all the basic things. However, it does not guarantee the complete absence of incidents. They can be recommended to run penetration tests. However, you need to “grow up” to this kind of thing. It makes no sense to conduct penetration testing when only 20% of the infrastructure is covered with Intrusion Detection and Response (IDR\IDS) solutions.

Follow trends and industry reports The reports often provide specific recommendations on how to protect from a particular attack. One of the best sources for such information is MITRE ATT&CK Matrix. Do not panic, and do not do rash things In general, do not act impulsively. Contacting the experts when it is essential to stop the attack promptly, determine the exact nature of the incident, understand who is to blame, and chart an effective course of action – there are no alternatives – call the external response team.
Link: https://cybersecurity.att.com/blogs/security-essentials/insights-from-an-external-incident-response-team-strategies-to-reduce-the-impact-of-cybersecurity-attacks

Categories:

Tags: