by Elizabeth Karanja
As an organization, you have put information security measures in place and ensured that your systems and data are safe. Still, the unlikely happens and a security breach occurs. Whether the breach affected the availability of services, the confidentiality of data, or the integrity of systems, you are at a loss. But what do you do as the Chief Information Security Officer, or in any information security capacity? Here are some useful tips:
- COMMUNICATION: Communication is key in the event of a cyber security incident. This assumes that, as an organization, you already have a cyber security strategy/framework in place (the NIST (USA) framework is my personal favorite: https://www.nist.gov/cyberframework ), which outlines the guidelines, communication channels, policies, procedures, and the actions to take in the event of a cyber security incident. It is advisable to first and foremost communicate the details of the incident to the respective parties, again as guided by your organization's cyber security strategy.
- EVALUATION: The next step is to examine the magnitude of the threat/risk. At this stage, the expertise of an information security practitioner is needed. Depending on the size and/or priorities of the organization, an in-house incident response team is ideal, but if this is not the case, an external cybersecurity/digital forensics consultant can be contracted.
- REVERSE ENGINEERING: After determining the magnitude of the damage, the incident response team recommends countermeasures and closes any security gaps that may have led to the breach. Beyond finding a cure for the damage, as an organization you want to go after the cyber criminal, hopefully recover any stolen resources, and prosecute the offender. This is where a digital forensics expert comes into play, to trace the path of the criminal.
- MITIGATION, RECOVERY & BUSINESS CONTINUITY: At this point, it is important for the organization to rise from the attack and soldier on. It is not enough just to put the past behind you; you must also be intentional about improving the organization's cyber security posture, closing any security gaps, and training staff, both technical and otherwise, on the importance of practicing cyber safety. As the organization recovers from the attack, it is necessary to maintain its essential functions to ensure business continuity.
- DOCUMENTATION & REPORTING: After the attack is behind us, we want to forget quickly and move on, but in this digital age, where cyber crime is the norm, information security is never guaranteed, regardless of the measures you have put in place. Therefore, treat every attack as a lesson and make it your purpose to become more cyber resilient, so that the next attack will hopefully not hit as hard and the recovery process will be cheaper and easier.