Intelligent CISO Issue 1 - Page 79

decrypting myths Particularly savvy attackers may purposely engage in a cyberattack during national holiday periods when they know security personnel could be short-staffed and on low alert. Where? WHERE? Arguably, the most important questions to answer following an attack or breach is where it was targeted. This will involve an in-depth review of your entire attack surface; consider your network, your remote workers, your partners, your suppliers and even whether an infected USB stick could be to blame. Today, the most common entry point is email, for which hackers craft phishing attacks to target the weakest link in the security chain; the end-user. Why? WHY? The motive of an attack is an important piece of information for any external www.intelligentciso.com | Issue 01 announcements that might need to be made. Having these details is also very helpful when it comes to justifying your incident response plan or recommendations for additional security spending to company executives. For the most part, financial motive is still the top reason for attacks against companies; even state-sponsored attacks are financially driven in some sense. It may take years and cost millions of pounds to develop the intellectual property and customer base that can be stolen in a mere matter of hours. How? HOW? In order to effectively remediate you need to create a detailed step-by-step outline of exactly how the hacker attacked or breached your company. The tactics are evolving and some of the old tricks are making a comeback. Making matters worse, the black market for toolkits and ‘hackers for hire’ means that anyone can buy the technical savvy they need. Disgruntled employees, lost or stolen devices and unintentional sharing of sensitive information are other possible causes of an attack. Without an incident response plan in place, panic can set in and the wrong decisions may be made, leading to severe consequences. By focusing on these six questions in the immediate aftermath of a data breach or cyberattack, incident response teams minimise the likelihood of emotional-drive actions or mistakes, allowing for more effective remediation. u 79