As part of the MITS (Managed IT Services), we provide our clients with a basic level of incident response and recovery for cybersecurity issues. Many of our clients are asking “what happened” after an incident but, in most cases, we cannot answer that question because we simply do not have a proper cybersecurity program in place to audit the threat.

Many firms are unaware that their network has been breached or infiltrated until they notice unusual activity, such as a suspicious email sent from an end user’s account that the user did not send. Often, pop-up messages loaded with spam will start appearing.

Most malicious security incidents can be broken down into anything that compromises confidentiality, integrity, or availability. Given those subjects, here are three examples:

Confidentiality Incident 

A laptop is stolen from a car, or a user is phished and email credentials are compromised. In either case, an attacker was able to obtain unauthorized access to data.

Possible mitigation controls 

  1. Encrypt laptops
  2. MFA (Multifactor Authentication) on all mailbox logins
  3. Employee training in the form of a policy. 

Integrity Incident 

A worm or virus moves through the network with the goal of deleting or modifying data. Data was possibly changed or deleted in a database or document.

Possible mitigation controls 

  1. SOCaaS (Security Operations Center as a Service) 
  2. DNS filtering 
  3. Dependable Antivirus 

Availability Incident

An attack on a server is carried out with the intent to shut down services, or ransomware spreads through the network and encrypts files. In each case, the attacker took away systems or encrypted files, which led to the inability to operate.

Possible mitigation controls 

  1. SOCaaS (Security Operations Center as a Service)
  2. Proper firewall configuration (rule evaluation)
  3. Least-privilege access.

To develop a good cybersecurity program, it takes the proper tools, policies, and, most importantly, a security culture in your organization. In part 3 of our Cybersecurity for Businesses series, we will discuss our CORE Security program and why we feel it is the complete cybersecurity solution for your business.