How IT security services respond to a cyberattack can have a major impact on whether or not the attack is thwarted. In one case, a company was hacked through one of its servers, which led to a fast response by the IT security team. However, the team failed to discover the Trojans that had been installed on the other servers in the system.

In the end, the team had to clean up all the servers on the network.

"We knew the Trojan on that [first] system, but we missed out on a couple of other machines, "one of the emergency response specialists said to Dark Reading. "As soon as we cleaned up the one machine, there they were the next day. They had moved laterally and installed two completely different backdoors, so IOCs [indicators of compromise] and signatures were useless."

According to Dark Reading, the response a company makes when it is hacked is becoming just as important as the work that goes into preventing hacks in the first place. Many have begun to accept that hacks are becoming an inevitable part of the cybersecurity industry - that hackers are becoming so sophisticated that the question is not if a hack will happen but when it will happen and what the response will be.

Dark Reading reports that in a survey conducted by Arbor Networks and The Economist, two-thirds of respondents believed that a proper, thorough response to a cyberattack would actually promote a company's reputation rather than harm it.

Target Fails to Respond Adequately
However, it can sometimes be difficult to respond properly even when the right safety checks are in place. Even Target was warned of a potential data breach ahead of time. Its cybersecurity team in charge of detecting the attack worked perfectly, but Target ignored the information that came from the team.

Target had installed a breach detection tool that was built by the firm FireEye. Target had also hired a team of security specialists in Bangalore who would keep track of any unusual findings and notify Target's central security operations department in Minneapolis if they detected anything unusual. When the hackers who broke into Target uploaded malware that would download credit card information and send it to servers in Russia, the FireEye software detected it and notified the team in Bangalore. The Bangalore team received this information and then sent it to the security department in Minneapolis. However, Minneapolis did not respond to Bangalore, and the hacking proceeded as if Target had not installed FireEye's security solution at all.

This should emphasize the importance of using the tools that are available for preventing hacks and responding appropriately.
