Episode 57
The First 3 Crucial Steps After You Experience a Cybersecurity Incident: Nicholas Steinmann | Director, Insurance Alliances at Tetra Defense
00:35 Guest Introduction and professional journey
02:40 Icebreaker
04:00 How did the incident response domain evolve in the last decade
06:33 Timeline of a cybersecurity incident: what happens at a company that suffers one
10:50 The number 1 cause of most cybersecurity incidents
15:30 What a company should prepare for cybersecurity incidents & attacks
17:50 How important are compliance standards in building a resilient & secure environment?
25:47 Are there ongoing threats and data exploitation that companies don't know about?
27:50 A case study for incident response project
32:32 The initiative for cybersecurity incidents from the U.S. government
36:43 What actions should you take after experiencing a cybersecurity incident?
Description Summary:
Early-stage companies react differently to a cybersecurity incident, but in most cases it goes like this:
- An employee starts to report an issue in the network. Perhaps he or she cannot access a file on the network.
- The issue gets reported to the IT department.
- The IT department diagnoses the issue and realizes that there's a larger problem at hand.
- From this stage, the information escalates to the boardroom.
The most common causes of cybersecurity incidents are open RDP and phishing attacks, together with not keeping up with patches: unpatched VPNs and unpatched Exchange servers. The unpatched environment is the predominant method of intrusion for ransomware.
The threat actors behind these attacks use free tools that are available online to run an external scan very quickly and exploit what they find; the tools cost nothing.
This is what you should do to reduce cybersecurity incidents in your business:
- Ensure multi-factor authentication on all your accounts (email, VPN, etc.).
- Regularly test backups, and be sure to keep them off the domain.
- Have an incident response plan, review it every quarter, and regularly update it.
- Introduce the principle of least privilege so you limit the number of people who have domain access & privileged accounts.
If you've just realized that you've experienced a cyberattack:
- Preserve all evidence, because if you wipe or change any evidence, it’ll be hard to trace how the threat actor was able to get inside your environment.
- Don't turn off any devices; just disconnect them from the internet.
- Don't engage in communication with the attackers.
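The three steps above are about not destroying evidence while you isolate the machine. The following script is an added example, not something from the episode or from Tetra Defense: it captures the volatile state of a still-running Linux/Unix host (processes, logged-in users, open network sockets, routes) into a timestamped directory and writes a SHA-256 manifest so the collection can later be shown to be unmodified. It assumes a POSIX shell; the command names it tries (`ps`, `who`, `ss`, `netstat`, `ip`, `sha256sum`/`shasum`) are standard tools, and any that are missing are recorded as skipped rather than aborting the collection. Run it before pulling the network cable, and never as a substitute for powering off later in a controlled way.

```shell
#!/bin/sh
# Added example (not from the episode): first-response capture of volatile
# evidence on a Linux/Unix host that is still powered on. RAM-resident state
# (connections, processes, logged-in users) is lost at shutdown, so it is
# collected first, then the host is isolated from the network.

# run_and_record NAME CMD [ARGS...]: run CMD if it exists, save its output to
# $OUT_DIR/NAME.txt and log its exit status; missing tools are logged as skipped.
run_and_record() {
    name="$1"; shift
    if command -v "$1" >/dev/null 2>&1; then
        if "$@" >"$OUT_DIR/$name.txt" 2>&1; then st=0; else st=$?; fi
        printf '%s exit=%s\n' "$name" "$st" >>"$OUT_DIR/commands.log"
    else
        printf '%s skipped (%s not found)\n' "$name" "$1" >>"$OUT_DIR/commands.log"
    fi
}

# collect_volatile_evidence [OUT_DIR]: gather volatile state, hash it, print OUT_DIR.
collect_volatile_evidence() {
    OUT_DIR="${1:-./triage-$(uname -n)-$(date -u +%Y%m%dT%H%M%SZ)}"
    mkdir -p "$OUT_DIR"
    : >"$OUT_DIR/commands.log"
    # Who collected what, where and when: needed for chain of custody.
    printf 'collected_utc=%s\nhost=%s\ncollector=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)" "$(id -un)" \
        >"$OUT_DIR/metadata.txt"

    # Order matters: most volatile first.
    run_and_record network_sockets ss -tanp
    run_and_record network_sockets_netstat netstat -tanp
    run_and_record arp_cache ip neigh
    run_and_record routes ip route
    run_and_record processes ps -ef
    run_and_record logged_in_users who
    run_and_record uptime uptime
    run_and_record kernel uname -a
    run_and_record mounts mount

    # Hash every artifact so later tampering with the collection is detectable.
    ( cd "$OUT_DIR" && {
        if command -v sha256sum >/dev/null 2>&1; then sha256sum ./*.txt ./*.log
        else shasum -a 256 ./*.txt ./*.log; fi
      } >manifest.sha256 )

    printf '%s\n' "$OUT_DIR"
}

# Usage: collect_volatile_evidence /mnt/usb/triage-host01
# Then isolate the host (unplug the cable / disable the NIC) without powering it off.
```

Copy the output directory to removable media or a collection server before isolating the host, and keep the manifest separately; re-running `sha256sum -c manifest.sha256` later proves the files were not altered after collection.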
Connect with Ben Ben-Aderet: https://www.linkedin.com/in/benbenaderet/
Connect with Nicholas: https://www.linkedin.com/in/nsteinmann/