The risk of theft or data compromise continues to increase. Most of us know that there is no such thing as 100 per cent security. Unfortunately, it’s only a matter of time until a security incident occurs. When an incident occurs, it’s common to observe rantic running around and people improvising action plans. Often, the IT departments clean the computer system after a cyber incident without assessing the impact including whether confidential information has been stolen or compromised. The lack of preparation can lead to disaster, as bad decisions are made under pressure. Hence, it is necessary to have an incident response plan in place that is tailored to your organisation’s business environment to minimise disruption or losses to business operations in the event of an incident.

This is a vast topic, but here are few tips for you to consider in your incident response plan. I hope you will never have to use them, but the odds are at some point you will. No one wants to have a security incident and I hope being ready saves you from all the inconvenience and stress.

According to the CERT Coordination Centre, a security incident is defined as a violation of: an explicit or implied security policy; an attempt to gain unauthorised access; an unwanted denial of resources; an unauthorised use of electronic resources; and a modification without the owner’s knowledge, instruction, or consent.

Common security incidents
These security incidents usually fall into one or more following common scenarios:

• Inside jobs; an employee or contractor working in an organisation may exploit his/her position to hack the organisation’s computers or otherwise compromise its IT systems including denial of service.
• Social engineering; this is a low-tech or non-technical hacking technique used to persuade people to compromise security procedures and disclose confidential and sensitive information.
• Malware; these are most prevalent in exploiting vulnerabilities in the networks and computer systems. Hackers usually induce employees into opening infected e-mails where the malware is designed to steal confidential information such as password, credit card numbers, bank account numbers and denial of service.
• Extortion and blackmail; an organisation may receive threats from hackers claiming to have hacked its website or computer systems offering to return stolen confidential information in exchange for money or property. In some cases, unavailability of data leads to denial of service.

Threat assessments
As a first step, organisations should conduct a threat assessment to determine whether its computer systems have been attacked and, if so, how it was accomplished. Then the organisations should do the following:

• Determine the feasibility of restoring critical systems where a denial of service attack affects critical infrastructure. This includes assessing whether restoring service will negatively affect collecting evidence in the investigation.
• Determine whether the extortionist has done what he/she claims by isolating areas that may be affected to determine if they have been compromised.
• Document all aspects of the investigation and secure and preserve all evidence, including logs of critical system events.
• Incidents should be classified and the severity level should be determined. The severity level of the incident should dictate the course of actions that should be performed to resolve the incident.

Once the systems are restored, the response team should determine what cyber security management improvements are needed to prevent similar incidents from re-occurring and or whether the cyber incident response plan should be improved.
All details related to the incident response process should be documented and filed for easy reference. This provides valuable information to unravel the course of events and can serve as evidence if prosecution of intruders is
necessary.

Know why you are targeted
As an individual, knowing why you are a target can also sometimes help you understand how you were breached. If it was your bank account, it is your money. In the case of an e-mail hack, it is to send spam, request money from your contacts, reset password on other services or even try to gain access to your business. In order to recover your email, or other services that use the same or similar password, reset your password by answering a secret question or by sending the password reset details to the secondary email address associated with your compromised account. It is also possible to reset your password using your mobile number, if it has been previously configured. You should be changing your passwords periodically and avoid reuse of passwords or use schemes that result in similar passwords such as password123, password124, etc.

In today’s fast-moving technological world, having security features on internal networks is no longer sufficient to protect or shield your company from intrusion attempts, either internal or external. Therefore, it is essential for your organisation to have a well-defined and systematic procedure to respond to security-related incidents. This ensures you are adequately prepared to respond and recover from incidents that may potentially disrupt critical business processes.

The writer is a Governance, Risk and Compliance professional and Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He is the founding member and President of the (ISC)2 Chennai Chapter, Founder/President of Information Security Professional Associates (iSPA) and a board member of the (ISC)2 Colombo Chapter. He can be emailed at sujit@layers-7.com.

Gardens of rich, nutritious vegetables on soil-less surroundings on your balcony!

John Keells aims to double its hotel room stock in 5 years

Central Bank may re- examine finance company ratings by LRA

Sri Lanka spins under bond spree

Chinese suppliers demand over Rs. 127 mln in unpaid bills

Fraudulent shoe imports cause over US$112.5 mln forex loss to Sri Lanka

Can Sri Lanka become the miracle of South Asia? Some lessons to move in that direction

NDB Rs. 10 bln debenture issue oversubscribed

Young ideas to grow Sri Lanka – Comment

Why do banks harass their customers? – Letter

Dirty currency notes are not good for a visitor to the country – Letter

Waive interest on pawned jewellery – Letter

“New lawyers-committee to probe Central Bank, Treasury, accountants” – Letter

Propagation of Errors – Focus

Government intensifies efforts to regulate micro finance units

First ever Asia-Pac conformity push in Sri Lanka takes off in Colombo

Improving Sri Lanka’s tax collection base and collection a challenge to the government

Airtel, Virtusa, MillenniumIT, 17 more tapped as 2015′s ‘Best Companies to Work for’ in SL

Rs. 6 bln released this week to pay outstanding bills on road development projects

IronOne’s ‘BoardPAC’ receives ISO 27001 certification

Construction on long-awaited Central (Colombo-Kandy) Expressway to start

hSenid Mobile Solutions concludes successful TADHack 2015

SL pharma company says court-appointed committee clears it of alleged wrongdoing

12 eHealth pilot projects running in SL – HISSL President

eIMMR, the first eHealth System to be implemented islandwide – Special Report

Electronic and Telecom Engineering Dept. University of Moratuwa pioneers telecom education and research in Sri Lanka – Special Report

SL crowd-sourcing platform Help.lk to target youth – Special Report

Six years on, Standard Credit Finance depositors still to get their money

CA Sri Lanka seminar on “Liberalisation of Professional Services”

Discussion on “Night Work/5-day working week for women”

GK depositors rejoice over new payment plan

‘Call for Abstracts’ for Colombo-based eHealth Asia conference in Oct.2015

World’s biggest hotel to open in Mecca in 2017

Over 100 SL entries for 2015 Cannes Lions

Value addition can boost exports from Sri Lanka to Malaysia

Chinese businesses dominate at construction exhibition

Political uncertainty hurts SL’s tourism planning

Competitiveness possible through systematic processes across all industries – Harsha

EFC makes its case on ‘Compliance+’ branding at ILO, Geneva