We’re back with part 2 of how to address a corporate network intrusion! Please click the following hyperlink if you still need to catch up on part 1 of mitigating network intrusions on a corporate level. As we’ve mentioned before, a network intrusion can be overwhelming to pinpoint if you’ve never dealt with this kind of issue before within your company. With so many other high-priority tasks to manage, it’s easy to get off track and delay the investigation and mitigation of the security threats – which might cause additional harm in the meantime. Fortunately, there are 7 core objectives to keep in focus when addressing a corporate network issue:
- Collection of evidence.
- Identify the source and target of the intrusion.
- Identify the method of the intrusion.
- Identify the cause of the intrusion.
- Identify the extent of the intrusion.
- Identify what data was accessed.
- Assessment of the network and all its resources.
It’s important to grasp these goals and objectives, and understand the differences between them. It’s also crucial to note that these may change as your investigation goes on, as not every intrusion fits into a “one size fits all” template. In this article, our team of cyber security experts in New Jersey will cover steps four through seven – thus concluding our segment on addressing network intrusions affecting your business.
Step 4: Identify the cause of the intrusion
We define the cause of the intrusion as what allowed the method of intrusion to occur. For example, if the method of intrusion was a virus that provided backdoor access to the computer, the cause might include, but is not limited to the lack of virus protection installed on the computer, failing to keep virus signatures updated, turning off the User Access Control feature, and/or failing to keep the Windows operating system system up-to-date.
Step 5: Identify the extent of the intrusion
The extent of the intrusion is the identification of all computers and devices that were accessed by the hacker or infected by malware application. This is important to determine, as it impacts the cost of the investigation going forward. If the intrusion/infection were contained to one computer, then this would contain the costs. If your hired team determines that hackers accessed multiple computers, then the attorneys appointed may have all the compromised systems forensically imaged to search for personally identifiable information (PII). These costs can escalate, depending on how many systems were accessed.
Step 6: Identify what data was accessed
The definition of this is self-explanatory, and it’s a critical part of the investigation because it has a direct impact on reporting requirements. While many legal issues surround a network intrusion, one of the most important is the reporting requirements. If your company does not comply with all federal and state reporting requirements, you can be subject to significant legal implications, including fines, lawsuits, and criminal charges, depending on what your company did or refused to do during the investigation.
Step 7: Assessment of the network and all its resources
The assessment of the network is crucial to conducting a comprehensive network intrusion investigation, as it helps identify any weaknesses in design or configuration, which may have allowed the hacker to gain access to the network. This information is essential to you, your insurance company, and mitigating the risks going forward. Part of the assessment should be to review employment agreements and professional services contracts. As digital forensics experts, we never assume your company hired third-party IT technicians to ensure the security of your network. You may have hired them to fix networking issues, but not to conduct a security assessment to identify weaknesses in your corporate network. A company cannot hire third-party IT technicians to fix printer issues and then blame them for an intrusion. Companies and their IT consultants need to take care of documenting exactly what’s expected from each party. If not, it can be detrimental to both parties and lead to costly litigation – which nobody ever wants.
Comprehensive Cyber Security Assessments for Your NJ Business
We can’t stress this enough, it is in any organization’s best interest to hire an experienced IT team and cyber attorney to navigate an intrusion that can land them in hot water. This is criticall if your business wants to collect from an insurance policy and/or publicly address legal concerns with current and past employees. If your small business hasn’t encountered a network intrusion, but doesn’t have a solid grasp on cyber security, please give NSGi a call today. We can start by performing a thorough network threat assessment, where we identify points of weakness and then create a plan moving forward to ensure your corporate network has the best defense possible against hacker and malware attempts.
If your small business in New Jersey is in need of managed IT services and cyber security protection, please visit our website at: https://nsgi.com
*This article includes excerpts from “Pocket Guide for Investigating Ransomware and Network Intrusions” written by John Lucich, the Founder and CEO of Network Security Group, Inc and eForensix.
