Been Hacked?

==============================================================
If you have experienced a security breach, contact Digital Defence immediately
==============================================================

Your organization is under constant attack by opportunistic hackers who scour the Internet looking for vulnerable networks and systems.  It is also under direct and targeted attack by hackers, business competitors, and disgruntled employees who are motivated to steal or destroy your critical data.

At some point, you will suffer a data security breach.

From a business perspective, your ability to survive and overcome the negative effects of a security breach will be based on your ability to prepare for, detect, and respond to a security breach.

Prepare for a Data Security Breach 

  • Conduct a risk assessment - clearly identify the most critical data to your organization, and ensure that you understand the "worst case" that could occur if the data were released to the public
  • Ensure you are aware of all regulations that govern your particular industry, as well as privacy legislation
  • Complete a data flow assessment - where does your critical data reside? 
  • Assess the network and computing - Complete an inventory of all access points (network providers, partners, employees, clients) to your network, including devices, servers and workstations, mobile devices, communications protocols, security protocols, use of encryption, and applications
  • Conduct audits of network, server, and application security
  • Review all logs - Ensure that relevant information is collected and bound to date and time stamps.  Critical logs should be stored in a central location, and protected from unauthorized alteration or destruction.  Review logs with security and incident response personnel to confirm that the data being logged is sufficient to identify that a security breach has occurred, and to assist in tracking down the culprit and other relevant information
  • Review security of third parties holding your data - It is estimated that 30 - 45% of data breaches involve a security failure by business partners processing or storing your data; ensure that they are providing security equivalent to what you offer
  • Train your incident response team - Nearly 2/3 of all employees feel that they could not recognize or respond to a data security breach.  Provide the required training, including frequent follow-ups for key employees, or engage a third party response team and integrate it into your existing IT operations
  • Build relationships with third parties in advance of an incident - Make contact with law enforcement / technical crime specialists, incident response providers, private investigators, PR specialists, and product vendors in advance of an incident, or contact an organization that has those critical relationships in place
  • Create an Incident Response Plan - document all findings, and how you will respond to a data security breach. Ensure that it is approved in advance by your governance board, executives, and managers


Detecting a Data Security Breach

  • Attackers leave visible clues - Website is defaced, a message from the hacker is left behind, source code has been changed, etc.
  • Systems are not responding "normally":
    • System reboots, or increased number of application conflicts
    • Unusual in-bound or out-bound connections, frequently encrypted
    • Increased disk activity, or less available storage space
    • New accounts present, especially accounts with privileged access
    • Access logs missing, or appear altered
    • Anti-virus or other security mechanisms have been disabled, or not functioning properly
  • Competitors appear to have access to your sensitive corporate data (e.g., consistently losing bids)
  • Partners or other groups connected to your network report they are being attacked, and it's originating from your network
  • End users report systems not functioning properly, or "appear to have been hacked"
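As an added illustration of the log-based indicators in this list (example code, not part of the original page), the following script checks constructed sample log lines for three of them: new accounts added to a privileged group, security services being stopped, and time gaps or out-of-order entries that suggest logs are missing or altered. The baseline set of approved administrators, the service names, and the log format are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "timestamp host source: message" format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 host1 useradd: new user: name=svc_backup, UID=1050
2024-03-01T09:00:02 host1 usermod: add 'svc_backup' to group 'sudo'
2024-03-01T09:05:00 host1 sshd: Accepted password for alice from 10.0.0.5
2024-03-01T09:05:30 host1 systemd: Stopped clamav-daemon.service
2024-03-01T15:40:00 host1 sshd: Accepted password for bob from 10.0.0.7
2024-03-01T15:39:00 host1 sshd: Accepted password for bob from 10.0.0.7
"""

BASELINE_PRIVILEGED = {"root", "alice"}           # assumed approved admin accounts
SECURITY_SERVICES = {"clamav-daemon.service", "auditd.service"}  # assumed names
MAX_GAP = timedelta(hours=4)                       # silence longer than this is suspicious

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+): (.*)$")


def analyze(log_text, baseline_privileged=BASELINE_PRIVILEGED, max_gap=MAX_GAP):
    """Return a list of (indicator, detail) tuples in the order they were found."""
    findings = []
    prev_ts = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            findings.append(("unparseable", raw))   # altered or corrupted entry
            continue
        ts = datetime.fromisoformat(m.group(1))
        msg = m.group(4)
        # Logs that go backwards in time, or fall silent for hours, point at
        # missing or tampered entries.
        if prev_ts is not None:
            if ts < prev_ts:
                findings.append(("out_of_order", raw))
            elif ts - prev_ts > max_gap:
                findings.append(("gap", f"{prev_ts} -> {ts}"))
        prev_ts = ts if prev_ts is None else max(prev_ts, ts)
        # A new member of a privileged group that is not in the approved baseline.
        g = re.search(r"add '(\S+)' to group '(sudo|wheel|admin)'", msg)
        if g and g.group(1) not in baseline_privileged:
            findings.append(("new_privileged_account", g.group(1)))
        # Anti-virus or audit services being stopped.
        s = re.search(r"Stopped (\S+)", msg)
        if s and s.group(1) in SECURITY_SERVICES:
            findings.append(("security_service_stopped", s.group(1)))
    return findings
```

Run against the sample, it reports the new sudo member, the stopped anti-virus daemon, a six-hour gap, and one entry whose timestamp precedes the previous line.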


Responding to a Data Security Breach

  • Refer to your Incident Response Plan for immediate guidance - If you do not have such a plan in place, immediately contact Digital Defence for assistance to minimize damage to your network and data and preserve evidence for litigation
  • Initiate an incident response log - Document all observations, events, actions taken, including all internal and external persons contacted regarding the incident
  • Alert relevant contacts - As per your Incident Response Plan, alert internal persons (Information Security Officer and/or Privacy Officer, Board of Directors, Executive Management, Legal department, HR), law enforcement, regulatory agencies and financial partners such as banks and credit card companies, partners connected to your network, vendors, customers, the general public, and the media.  Ensure contacts are defined in advance, the alerting policy has been accepted and approved by management, and the specific message to external parties is controlled by the relevant management level
  • Contain the incident
    • Do not turn the compromised system "off" if it is on
    • If the system is on, and there is visible evidence of the compromise (e.g., alteration of images), take a photo
    • Disable access to and from the public Internet (network connectivity, modem, wireless)
    • Disconnect the compromised system from your own network
    • Contact Digital Defence to obtain the free Live Forensics Toolkit to collect critical data from the system
  • Preserve local logs (those on the compromised system)
  • Preserve the upstream logs