Digital4nx Group, Ltd.


Rob Kleeger Co-authored Security Breach Planning and Response Article for NJCPA Magazine

May 15, 2016 by Rob Kleeger

Date: May 22, 2016

Time: 5:00 PM to 6:00 PM

Security Breach Planning and Response

The following is an excerpt from the article by Robert Risk, Seth Danberry, Rob Kleeger and Ryan Cooper, which appeared in the May/June 2016 issue of New Jersey CPA magazine. Read the full article.

Thieves are everywhere these days. You read about data security breaches every day, from Target, Home Depot, Anthem and Sony to American Express. These are the big companies, but did you know that 94% of all breaches occur in companies with fewer than 100 employees? So what are small and midsize companies to do? The answer is to assume you will be breached and plan for it. The worst thing you can do is fail to be proactive, because from a reactive position you risk permanently damaging your company brand and setting your company up for lawsuits and compliance issues.

Security Breach Response

Although many business executives agree that data is among their most valuable assets, it often takes a breach—or, at least, an attempted breach—to convince executives to beef up data protection. As we’ve seen over the past few years, no one is safe from data security attempts.

Unfortunately, most organizations are not aware a breach has occurred until it’s too late. In a recent case, a small third-party medical billing company, which has additional staff outside the United States, had migrated from a Microsoft 2003 Exchange environment to a newer Microsoft Exchange server environment. Within two weeks of that migration, a camera crew and a well-known investigative news reporter showed up at the company asking the CEO to provide a statement on how nearly one hundred thousand patient records had been publicly available (i.e. a PHI breach).

The incident response team was dispatched onsite that afternoon. They began the forensic preservation of the old server and the new servers, capturing various system log files, interviewed the client’s managed IT services firm and the CEO, and began conducting an analysis within a few days.

In the end, it was discovered that the cause of the data breach was the migration, which had caused the FTP setting to default to an anonymous login; the server was therefore publicly facing and was cached by Google’s bot. The IT firm had simply forgotten to “check the box” to close the publicly facing FTP port.

Getting hacked is never a good thing, especially when the result is stolen or compromised customer data, PII, or PHI. But how a company reacts to the attack can make all the difference in the long run.  A prompt and effective reaction can minimize the damage or at least paint the organization in a fairly positive light with customers, business partners and the public at large.

The initial step is to keep calm and prioritize what is happening and what needs to be contained. Preserving evidence and identifying what has occurred is important, but the investigation can’t begin until the scene is secured. Depending upon the incident (e.g. passive network intruder, malicious attack, rogue employee, etc.), the primary objective is to provide intelligence about the technical skill-set and the motivation of the attacker, along with immediate steps to remediate and protect critical assets. This includes initial damage assessment, initial vector of compromise, indicators of compromise, preservation of forensic artifacts, and further forensic analysis of information collected.

Often, a critical step is to identify the incident by reviewing errors, log files and other artifacts from firewalls, intrusion-detection systems, and other digital assets. Once the response team has identified the incidents, they will work on stabilizing or containing the network to “stop the bleeding”.

Forensic preservation is a very critical step, due to the potential legal notification and state data breach requirements, reputational risks, and possible litigation. The earliest stage of any investigation is the most important one to get right. As in emergency medicine, there is a “golden hour” at the very outset, during which there is the highest likelihood that a prompt expert response, with a clear head and a well-thought-out plan, can make or break the best defensible position to support the investigation or litigation needs.
