The noticeable rise in the number of incidents and attempted data breaches has led to an increased interest in security – especially in the face of the sudden changes in business procedures due to the coronavirus pandemic. These changes have affected not only businesses, but also cybercriminals, who very quickly adapted to the new market reality.
SUMMARY:
- A rise in the number of information security incidents – with phishing attacks and similar scams aimed at gaining access to confidential information as the most common challenges faced by organizations.
- To limit the attacks, it is necessary to optimise security management processes.
- Extending security beyond IT structures will guarantee improved security from the ground up.
Incident… and now what?
In our work, we often have various organizations come to us for help following an incident or data leak. Unfortunately, such situations are becoming more and more widespread, and even savvy users are affected. Phishing attacks and similar scams aimed at gaining access to confidential information are the most common challenges we have to deal with.
Analyse the situation and mitigate the consequences
The first step we take in these cases is to analyse the situation and take steps to minimise the negative impact of the incident and its scope. The key element at this stage is to devise a methodical approach tailored to the case at hand. As soon as we are confident that the incident is under control, we proceed simultaneously along two paths:
- analysis of existing security mechanisms,
- developing a remedial plan.
Such an approach enables us to identify potential gaps not only in the safeguards in place in the organization, but also in the processes initiated as a result of the adverse event. It is our job to carry out an in-depth analysis and evaluation of existing mechanisms and to recommend corrective action.
Ważny fragment
In our experience, even savvy organizations, which have implemented a range of security features, have vulnerabilities that seem negligible from their point of view, but when viewed from a different perspective – can generate high risks.
Conclusions and lessons for the future
The products delivered to our clients as a result of our involvement usually include:
- security maturity assessment, and
- security upgrade plan, containing a series of recommendations with assigned priority levels, impact on the organization, cost of implementation and alternative solutions.
Because our team has a diverse skillset, such a plan accounts for not only technological aspects, but also solutions dedicated to respective organizational units, such as HR, Finance and Administration. This will enable you to increase your security level from the ground up – where your staff in the performance of duties are exposed to personalised threats and where the most valuable information is to be found.
The key to success in projects related to incident analysis lies in adopting a different perspective, thinking outside the box and recommending custom-tailored solutions. Such an approach guarantees that the security management process will be optimised and the risks for information subject to processing will be minimised.
AUTHOR: Kacper Szułkowski, Senior Consultant, Cybersecurity