The COVID-19 pandemic has not only created havoc in people's lives but has also rocked the business world globally. With countries going into lockdown, businesses are forced to adapt and operate remotely, and with this they are confronted with new challenges and threats. Although organizations around the globe have adopted the work-from-home operating model, this has opened doors to malicious cyberattacks. With the new working norms and companies accelerating their digital transformation, cybersecurity is now a major concern.
By Narendra Sahoo, Founder and Director, VISTA InfoSec
While the entire world is focusing on health, the economy, and restoring normalcy, criminals are constantly capitalizing on the situation to stage well-planned cyberattacks. A cyberattack not only has severe reputational, legal, operational, and compliance implications, it also severely impacts the forensic investigation. This article explains the challenges of remote working, the prerequisites for preventing breach incidents, the protocols to be followed in case of a data breach, and all the nitty-gritty of cyber forensics. It provides insight into the impact of remote working on cybersecurity and the process of cyber forensics in case of a breach.
What happens in Cyber Forensics?
Handling a data breach incident in a normal scenario is very different from handling one in the current situation, for both the organization and the cyber forensic team. Before the pandemic, when businesses were running in a controlled environment, immediate response, containment measures, and investigation helped lower the impact of a data breach. Now, with the remote working model, the situation is completely different. Not only has this increased the risk of a cyberattack, it has also hampered the investigation and containment of a data breach. But before we get into the details of the challenges faced in cyber forensics during the pandemic, let us first understand the process of a cyber forensics investigation.
Cyber Forensics Investigation
Before the pandemic, when a data breach incident occurred, organizations had to follow a specific protocol to respond to and contain the incident. Alongside this, a cyber forensic team investigated the situation at the location and helped the organization respond to, recover from, and resolve the incident. The process of handling the incident involves two primary steps:
- Responding and Containing Incidents
- Investigating the Incident and Collecting Evidence
While the approach taken by an organization may vary based on its priorities and on the severity and impact of the incident, there are certain basic protocols organizations must follow. Given below are the essential steps an organization should follow immediately after a breach to limit its impact.
Protocol to be followed in a Data Breach Incident
Step 1: Survey the damage
Once the organization discovers the data breach incident, the Information Security Officer, along with the designated information security team, should conduct an internal investigation. This is to first determine whether an incident has happened and to assess the impact of the incident on critical business functions. They further need to conduct an in-depth investigation to identify the attacker/source of the attack, discover the exploited security vulnerabilities, identify immediate steps that can be taken to limit the loss, and determine steps for resolution and improvements. If an attack is confirmed, it is advisable to hire external professionals to investigate and take steps…
This story first appeared in the June 2021 issue of CISO MAG.
About the Author
Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, and CRISC) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the U.S., Singapore and India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, and Compliance services. VISTA InfoSec specializes in Information Security audit, consulting, and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance and Audit, PCI PIN, SOC2 Compliance and Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.