Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, February 19, 2013

5 Steps to Recovery After Your Business Has Been Hacked | Fox Small Business Center

It’s not just household names that are the targets of hackers, however: In a report released by Symantec, the maker of the Norton Anti-Virus software, 36% of the global targeted attacks in the first half of 2012 were directed against small businesses with 250 or fewer employees. spoke to four cyber-security experts to create a 5-step plan that will get you safely up and running again in no time if and when your business is compromised by a hacker. Rob Lee, the Digital Forensics and Instant Response Lead at the SANS Institute (a leading information security training institute), says that identifying whether a hacking attack has occurred is incredibly challenging for most businesses.

“To detect an attack, you must develop and maintain a basic awareness of the normal operations of your business,” says Martin Roesch, founder of SourceFire, a high-end technology firm that combats hackers and malware.  “Once you’re aware of how your network works, the applications people use and the amount of bandwidth they chew up, you’ll be able to spot anomalies that will help you identify an attack.”

Warning signs might include machines that are suddenly running slowly or crashing, strange network usage patterns, huge transfers of data to unknown destinations or visits from unfamiliar IP addresses (for instance, visits from Eastern European IP addresses when your business’s customers are all based in Texas).

Unless you have an information or cyber-security expert on staff, this would be a good time to call in a professional consultant, who will be able to identify the type of attack being utilized by the hacker, conduct a network and malware analysis, and figure out which systems and data files have been compromised. A security expert will also be able to tell you whether the attack was mass-produced –something an employee might have picked up by browsing a compromised website – or whether it was a unique, targeted attack, which might suggest that the perpetrator was a competitor of some sort, says Dr.

While the kneejerk response might be to pull the plug on machines as soon as a compromise has been detected, waiting until a thorough investigation has been conducted will better serve you in figuring out how to protect your system from future attacks. Then, using the information you’ve learned about the breach, says Hemanshu Nigam, founder of SSP Blue, a safety, security and privacy firm, “you can close the gaps in your systems, so it doesn’t happen again.”

Nigam agrees that customers should be informed to the extent possible, which will actually help build trust between your business and clients, as long as you effectively communicate that you are making all efforts to prevent another attack.


Posted on 02/19