The media cycle has been dominated by news of cyber attacks on various large, essential businesses in recent months. In fact, Cybersecurity Ventures found that cyber attacks are projected to hit $6 trillion in losses in 2021. Still, Varonis found that 56% of Americans don’t know what steps to take in the event of a data breach.
In the event of a cyber attack, your cybersecurity team will likely use digital forensics, or the application of computer science to identify, collect, examine, and analyze data in order to remediate the effects of the attack. In this article, learn more about how companies should react in the event of a cyber attack and how digital forensics can help.
In 2020, data breaches cost, on average, $3.86 million. The most important step to take in mitigating this cost is asking your insurance provider about obtaining a well-structured insurance policy, which can cover the upfront cost of a ransomware payment, investigation costs, and rebuilding efforts.
When a cyber attack occurs, it’s commonplace for companies to start “pulling plugs” from server racks when they are hit by a cyber attack. However, contrary to popular belief, disconnecting or turning off the Wi-Fi is invasive enough to eliminate the threat of an ongoing attack and preserve the memory on the RAM, temporary storage that goes away when the device is turned off. RAM can play a vital role in digital forensics as it contains evidence that would not have otherwise been stored on the hard drive, such as recently executed commands, open network connections, code injections, and malicious programs loaded into the memory to be executed.
Cyber attack mitigation teams will prioritize getting visibility into the client’s network once they are called in. To do this, they use an Endpoint Protection Detection and Response (EDR) tool, which provides increased visibility into the network and insights on how many machines have been affected, and assists in assessing the entire network.
If your organization already has an EDR deployed on its network, remediation time will be even shorter, and the tool can prevent future catastrophe by monitoring the network in real-time for new or apparent threats.
It is important to set up a clean backup of your data contemporaneously with the digital forensics investigation and test to ensure that the data is clean. This backup will allow the client to get back to work on a clean network in a timely manner, while the forensic investigation is still ongoing.
Once concluded, the digital forensics investigators will provide a full review and analysis of the attack, which will contain insights as to
- How the attackers gained initial access to your network,
- Which systems were compromised,
- If any data exfiltration occurred
- The strain of malware or ransomware,
- Indicators of the comprise,
- And a timeline of crucial information.
Knowing more about how the compromise occurred can help your organization to prevent future or similar occurrences. To learn more about digital forensics and cyber attack remediation, contact our team at info@redpointcyber.com.