Unpacking Cybersecurity: Real-World Incident Response Examples Explained

In an online world constantly under threat, understanding cybersecurity is more critical than ever. Incident response (IR) is one aspect of cybersecurity that is essential to protecting an organization's assets. This blog post unpacks incident response by walking through several real-world incident response examples.

Understanding Cybersecurity and Incident Response

'Cybersecurity' is a broad term that covers the practices, processes, and technologies designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. One vital aspect of cybersecurity is incident response (IR).

Incident response is a structured approach to handling and managing the aftermath of a security breach or attack (an 'incident') to limit damage and reduce recovery time and costs. An incident response plan is the documented set of instructions that details how the organization will respond to a breach, cyber threat, or any other incident.

Incident Response Steps

Typically, there are six steps involved in incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

1. Preparation

This step includes training and equipping the incident response team, defining the overall incident response strategy, and making sure the logging, monitoring, and communication channels the team will depend on are in place before an incident occurs.

2. Identification

Identifying that a security incident has indeed occurred is the next step: distinguishing a genuine incident from the background noise of alerts and deciding on its scope and severity. The faster an incident is identified, the faster it can be contained.

3. Containment

Once identified, the breach needs to be contained to prevent further damage. Containment strategies depend on the particular incident: isolating affected hosts, blocking or redirecting malicious traffic, or disabling compromised accounts, while preserving evidence for later analysis.

4. Eradication

This involves identifying the root cause of the incident and removing it entirely from all affected systems and devices, for example by deleting malware, closing the exploited vulnerability, and revoking any access the attacker established.

5. Recovery

Systems and devices are restored to their normal functions, and final checks are carried out during the recovery phase to confirm that the restored systems are clean and that the attacker has not regained access.

6. Lessons Learned

Once recovery is completed, teams review the incident to understand how it happened, how it was handled, and how to prevent it from recurring. The output is usually a written post-incident report and a set of concrete improvements to the plan.

Real-World Incident Response Examples

Let's look at some real-world incident response examples to understand how these steps are implemented.

Example 1: The DNS Water Torture Attack

In early 2016, the Domain Name System (DNS) infrastructure for a large internet services company was targeted with a complex "water torture" attack. In a water torture attack (also called a random-subdomain attack), the attacker sends a flood of queries for pseudo-random, non-existent subdomains of the victim's zone, often through open or ISP recursive resolvers. Because every name is unique, nothing is served from cache; each query is forwarded to the authoritative servers and ends in NXDOMAIN, exhausting both the resolvers and the authoritative infrastructure. Detecting this as an anomaly (Identification), the security team implemented a containment strategy that involved extensive monitoring and redirection of traffic, preventing significant disruptions.
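The Identification step for this kind of attack comes down to recognising the traffic pattern in resolver logs. The following is an added example, not code from the original post or from the company involved: a small heuristic detector that aggregates DNS query logs per zone and flags zones whose traffic shows a high NXDOMAIN ratio, almost no repeated leftmost labels, and high label entropy, which is the signature of a random-subdomain flood. The log line format, the thresholds, and the sample traffic are all assumptions constructed for the example.

```python
"""Heuristic detector for a DNS "water torture" (random-subdomain) flood.

Added example; not from the original post. Scores each queried zone on:
  (a) NXDOMAIN ratio            -- random names never resolve
  (b) unique-leftmost-label ratio -- each name is queried once
  (c) mean Shannon entropy of the leftmost label -- names are random
All three high at once is strong evidence of a water torture attack.
"""
import math
import random
import re
from collections import defaultdict

# Assumed log line format (constructed for this example, not a real resolver log):
#   <epoch-seconds> <client-ip> <qname> <qtype> <rcode>
LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character; a 16-char random alphanumeric label scores ~3.5."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str, zone_labels: int = 2):
    """Return (leftmost_label, zone). The zone is taken as the last
    `zone_labels` labels; real code would consult a public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= zone_labels:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-zone_labels:])


def analyse(lines, min_queries=20, nx_ratio=0.8, unique_ratio=0.8, min_entropy=3.0):
    """Aggregate query log lines per zone and return {zone: stats} for the
    zones that look like they are under a random-subdomain flood."""
    per_zone = defaultdict(lambda: {"queries": 0, "nxdomain": 0,
                                    "labels": [], "clients": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash mid-incident
        _ts, client, qname, _qtype, rcode = m.groups()
        label, zone = split_qname(qname)
        z = per_zone[zone]
        z["queries"] += 1
        z["clients"].add(client)
        if rcode == "NXDOMAIN":
            z["nxdomain"] += 1
        if label:
            z["labels"].append(label)

    flagged = {}
    for zone, z in per_zone.items():
        n = z["queries"]
        if n < min_queries:
            continue  # too little traffic to judge
        nx = z["nxdomain"] / n
        n_labels = max(len(z["labels"]), 1)
        uniq = len(set(z["labels"])) / n_labels
        ent = sum(shannon_entropy(lbl) for lbl in z["labels"]) / n_labels
        if nx >= nx_ratio and uniq >= unique_ratio and ent >= min_entropy:
            flagged[zone] = {"queries": n,
                             "nxdomain_ratio": round(nx, 2),
                             "unique_label_ratio": round(uniq, 2),
                             "mean_label_entropy": round(ent, 2),
                             "clients": len(z["clients"])}
    return flagged


def build_sample_log():
    """Constructed sample traffic, not real data: 40 random-subdomain NXDOMAIN
    queries against victim.example from a few abused resolvers, mixed with
    ordinary traffic to example.org and two genuine lookups of the victim zone."""
    rng = random.Random(7)
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    ts = 1700000000
    lines = []
    for i in range(40):
        label = "".join(rng.choice(alphabet) for _ in range(16))
        client = f"198.51.100.{rng.randint(1, 5)}"
        lines.append(f"{ts + i} {client} {label}.victim.example A NXDOMAIN")
    for i in range(30):
        name = rng.choice(["www", "mail", "api"])
        lines.append(f"{ts + i} 203.0.113.{rng.randint(1, 20)} {name}.example.org A NOERROR")
    lines.append(f"{ts + 50} 203.0.113.9 www.victim.example A NOERROR")
    lines.append(f"{ts + 51} 203.0.113.9 typo.victim.example A NXDOMAIN")
    return lines


if __name__ == "__main__":
    for zone, stats in analyse(build_sample_log()).items():
        print(f"possible water torture against {zone}: {stats}")
```

In a real deployment the same scoring would run over a sliding time window and per client as well as per zone, so that the abused resolvers can be rate-limited (the Containment step) without cutting off legitimate queries for the zone.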

Example 2: The Cloud Hopper Operation

During 2016-2017, a series of breaches known as the "Cloud Hopper" attacks, attributed to the APT10 group, impacted managed IT service providers (MSPs). The attackers compromised the MSPs and then exploited the trust relationship and privileged network access between the MSPs and their clients to reach the clients' data. Through comprehensive threat hunting and forensic analysis, the security teams identified the mode of attack and removed the credentials and access mechanisms the attackers relied on, effectively eradicating the intrusion.

Example 3: The WannaCry Ransomware

The WannaCry ransomware attack in May 2017 affected more than 200,000 computers across 150 countries, impacting hospitals, banks, telecommunications providers, manufacturers, and logistics companies. WannaCry spread on its own by exploiting a vulnerability in Windows SMBv1 (MS17-010, via the "EternalBlue" exploit). Microsoft had released the patch two months earlier, so much of the incident response was patch management: security teams rolled out MS17-010, disabled SMBv1, and isolated unpatched hosts, while Microsoft issued emergency patches for unsupported versions such as Windows XP. The registration of the malware's "kill switch" domain by a researcher also halted the spread of the original variant.

Example 4: The Equifax Data Breach

In 2017, the consumer credit reporting agency Equifax suffered a massive data breach affecting about 147 million people. The attackers exploited an unpatched Apache Struts vulnerability (CVE-2017-5638) in a public-facing web application, even though a patch had been available for roughly two months before the intrusion began. The company responded by setting up a website for potential victims, offering free credit monitoring and other services. However, the patching delay, the weeks that passed between discovery and public disclosure, and the confusion around the victim website all highlighted the need for a well-prepared and timely incident response.

Conclusion

These real-world incident response examples underline the critical role cybersecurity plays in today's digital age. They show the complexity of cyberattacks and the need for a structured, robust, and quick response to incidents. The better prepared an organization is, the less severe the damage of a cyberattack will be. Businesses should therefore prioritize a comprehensive incident response plan to counter ever-evolving cyber threats efficiently.