Cyberis Blog

Identifying The Incident

At some point, your business is likely to have to deal with an incident. When this happens, being able to accurately identify and classify the incident is key to responding effectively with the minimum impact to your BAU operations. Yesterday, we discussed how proper planning will help you get a robust incident response framework in place. Today, we are going to look at the sorts of questions you need to ask yourselves in order to be able to identify and classify an incident, and hence tailor your response.

The Five 'P's

It is widely acknowledged that these days, it is not a question of 'if', but 'when' an organisation will need to handle a security incident, and as every project manager knows, Proper Planning Prevents Poor Performance.

When you are reviewing your security controls, planning for a security incident in advance is incredibly important. 

Incident Response Week

Ever wondered if you're prepared for a cyber security incident? This week, one of our Directors, Gemma Moore, is guiding you through incident preparation and handling.

Follow us on Twitter for the mini-how-to series, and view the previous blogs here:

Monday: The Five P's

Tuesday: Identifying The Incident

Wednesday: Defining Your Objectives

Thursday: Enacting Your Response

Friday: After The Storm

The True Impact of a Cyber Breach on Share Price

With media coverage of security breaches becoming more commonplace, the business world is beginning to realise that it is less a matter of ‘if’ there is a breach and more a matter of ‘when’. Whilst there is often extensive coverage of the cost to the affected company of a data breach, rarely is the impact on the company’s value examined.

We looked at four recent data breaches and examined the impact on share prices for the companies involved, both short and medium term, to see if the value of the company is indeed affected.

Another Breach For Yahoo!

Mark Crowther, Associate Director at Cyberis, looks at the latest breach at Yahoo and the serious questions it raises about the company's historical and ongoing security programme.

The latest reports say that Yahoo lost data for more than one billion users back in August 2013 and that the data is suspected to contain names, email addresses, hashed passwords, security questions and associated answers. In addition, Yahoo has stated that the attackers have accessed Yahoo proprietary code used to generate cookies for user access without credentials.

Who can you trust to test out your IT defences?

Behind every high-profile data-breach headline, there are hundreds of other similar stories of cyber attacks that cause major financial pain and reputational loss to their victims. The fact is that cyber crime is no longer a backroom activity but a growing business, driven by hacktivist groups, organised criminal gangs and state-sponsored cyber terrorists. And attacks are no longer directed only at government organisations, large financial institutions and corporations. Companies of all types and sizes are now facing increasing internal and external threats.

Internal Indicators of Compromise: Understanding Your Data

The threat landscape is constantly evolving. The skillsets and techniques used by adversaries constantly evolve in terms of sophistication and efficacy. There's an arms race going on, and offensive capabilities tend to be outstripping defensive controls.

Some ubiquitous threat actors, such as those criminal gangs running ransomware operations, may not care too much about what data you have within your network. Most organisations are targeted by a range of threat actors, however, and some may be highly driven to gain access to your assets.

Cyber Essentials – The Long Road to Certification

There is some confusion surrounding Cyber Essentials: what it is and why people need it, and there is often a misinterpretation that Certifying Bodies are responsible for the scheme's rules. Cyber Essentials is a relatively new certification. It has been mandated since October 2014 for UK government suppliers, although it is not limited to them; non-government organisations are encouraged to seek to obtain the certification.

Shutting the Door on the Attacker

There's no such thing as infallible security, and preventing every single security breach is impossible.

But when a breach does happen, the steps an organization takes next will largely determine the damage they suffer, and how the business recovers. A security team's first reaction is often to move to eject the attackers. But is that always the right strategy? Especially when it comes to advanced threats, there is a case for biding your time, and gathering intelligence.