Have you ever considered a life of crime? If so, cybercrime might be a good field for you to take a look at. Many organizations aren’t very good at responding to network intrusion… so you might actually get away with it. Plus, prosecuting cybercriminals is tough to do; evidence against your dastardly deed seldom stands up in court.
When your victim has a cybersecurity policy in place for responding to network intrusion, clues will be hard for them to come by, and even harder to trace back to you.
And to top it off, most companies don’t want anyone to even know you’ve paid them a visit. Rather than collecting evidence, a lot of them prefer to let your trail go cold and focus more on getting the system back up and running again.
Responding to a Network Intrusion
What if your company network has been compromised and it’s your job to respond to a malicious network intrusion?
If you’re reading this now and you don’t have a plan in place—but your network is not yet under attack—good for you! There’s still time to make a plan so that your company will be able to respond to a network intrusion.
Here are the basic steps to take when responding to network intrusion.
These procedures should be clearly spelled out in your organization’s Cybersecurity Policy:
- Detection. This is the first step in responding to network intrusion. Determine whether or not a breach has taken place and what the impact may be on the affected parties.
- Containment. Don’t let the situation go from bad to worse. Send out a company-wide bulletin with the IT Security Policy procedures to follow. Disconnect devices that may be infected, but don’t power them down. (Shutting them down may erase vital data that provide clues as to how the breach occurred.)
- Depending upon the severity of the breach, multiple people will need to be informed—both internal and external. Your company may be held liable for damages that result from a malicious network intrusion, so your management team should be among the first to know. But there’s more. If any of your customers’ personal data has been compromised, they need to be informed in writing. Quite possibly, financial institutions will be involved. And depending on the severity of the breach, law enforcement may need to be brought in as well.
- After containment, systematically remove the network intruder. Go one step further and make every effort to identify how the intruder got in so that future ‘visits’ can be blocked.
- And finally, restore normal operations. When responding to network intrusion, the goal is always to ensure the network is safe to use again and learn from the attack. When you let everyone know that the network is back up, it’s also a good opportunity to remind your colleagues of the IT Security Policy procedures so that you can avoid another event.
It Pays to Have a Plan
Another course of action that you may be required to take by your business partners, financial institutions, and associated payment processing companies is a PCI forensics investigation. We have done audits of almost every kind for our clients, and what we have found is that companies that have plans in place tend to fare better than those that don’t when responding to network intrusion. In all cases, a winning response to a network intrusion involves a well-thought-out plan, leadership from the IT team, and a commitment from the entire organization to take action in accordance with the plan.