First, what is cybercrime? Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device. Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations. Some cybercriminals are organized, use advanced techniques and are highly technically skilled; others are novice hackers.
As a business, your best bet against cybercrime is to prepare a solid incident response plan. Often planning is not enough: you should also have the security staff and tools in place to execute it. An incident response plan, according to the SANS framework, includes:
PREPARATION: Codify your security policy, identify the types of critical security incidents, prepare a communication plan, and document roles, responsibilities and processes for each one. Recruit members to your computer security incident response team and train them.
IDENTIFICATION: Use security tools to accurately detect anomalous behaviour in network traffic, endpoints, applications or user accounts, and rapidly collect evidence to decide what to do about the incident.
CONTAINMENT: Isolate the affected systems, clean them and gradually bring them back online.
ERADICATION: Identify the root cause of the incident, and do everything to ensure the issue does not repeat itself. Fix broken security measures that let in the attackers, patch vulnerabilities, and ensure you clean malware from all endpoints.
RECOVERY: Bring production systems back up, taking care to prevent another similar attack. Test to ensure that systems are back up and working as usual.
LESSONS LEARNED: Up to two weeks after the incident, review it with the team to understand what went well and what didn't, and improve your incident response plan.