Cybersecurity Incidents and How to Avoid Them?

If you look at cybersecurity statistics, you'll find many cybersecurity incidents, data breaches, and hacks in every country.

Just a few months to the end of 2022, there have already been hacks on Tiktok, and Uber, among others.

Every year, research firms forecast a high rise in cyber attacks. And it's no surprise how companies and organizations are opting for a hybrid or a remote work environment.

It's estimated that a new cyber attack starts every 10 seconds. But for all the speed and sophistication threat actors have developed over the last few years, there is still much to be optimistic about on the defense side.

What is a Cybersecurity Incident?

There was a saying that it takes years to build a reputation and a few seconds for a computer incident to ruin it.

The measurable cost to the affected organization is only the beginning.

The impact of what criminals do with stolen information is difficult to quantify and is often delayed or never discovered.

Cyber Security Incident is defined as any unlawful, unauthorized, or unacceptable action involving a computer system, cell phone, tablet, or any other electronic device with an operating system or that operates on a computer network.

Types of Cybersecurity Threats and Incidents

1. Malware

It shouldn't be surprising that malware is the most common cyber incident and attack type. Malware includes viruses, worms, ransomware, Trojans (or Trojan Horse viruses), and spyware.

Malware usually comes in the form of a link or email attachment that, once clicked, begins to install malicious software in the computer that clicked it and may extend to the entire network.

2. Zero-day Exploit

A zero-day exploit involves exploiting a network vulnerability before a patch is released or implemented to fix the vulnerability.

There's a tiny window opportunity for hackers between when the vulnerability is announced and when the patch is released and implemented. Attackers use this short time frame to gain network access.

"Preventing zero-day attacks requires constant monitoring, proactive detection, and agile threat management practices."

3. Man-in-the-Middle (MitM) Attacks

Type of attack is where the hacker inserts themselves in the middle, usually between a user and their network.

The problem with Man-in-the-Middle attacks and incidents is that they are challenging to detect, and users are often unaware that someone on their network intercepts all the data and information they send.

Hackers can perform a MitM attack by relying on network vulnerabilities such as unsecured WiFi.

4. DoS and DDoS Attacks

Denial-of-service (DoS) attacks are cyber incidents where hackers flood the systems, networks, or servers with traffic, making it impossible for the system to process requests.

Meanwhile, distributed denial-of-service (DDoS) attacks come from various malware-infected host machines. Hackers use DDoS attacks to deny service to users, take the system offline, and launch another attack to access the network.

5. Password Attacks

Another common cybersecurity incident is a password attack. Since passwords are one of the top ways to confirm access to secure information such as login, email, or platform, among others, it's only logical that hackers would have their eyes on others' passwords.

Attackers can use social engineering to collect information about their target and then start the guessing process to get the correct password. Once they uncover passwords, hackers can then use them to access confidential information or control data and systems.

Cybersecurity Incidents Response?

Most organizations establish a team of individuals, often called a Computer Security Incident Response Team (CSIRT), to respond to any computer security incident.

The CSIRT is a multi-disciplined team with the appropriate legal, technical, and other expertise necessary to resolve an incident.

The Role of The Corporate Computer Security Incident Response Team

There is often a rift between personnel investigating computer security incidents and those investigating traditional crimes. Many corporations delineate separate functions for corporate security personnel and computer security personnel.

The CSIRT responds only to network attacks such as computer intrusions or DoS attacks.

When a more traditional crime is committed, corporate security officers or corporate investigators perform the investigation. However, it is prevalent for corporate security personnel to be unarmed and unprepared to deal with technical evidence.

This same technical evidence is often trivial and straightforward for the CSIRT personnel to interpret.

Incident Response Methodology

There are seven significant components of incident response:

Pre-incident preparation: Take action to prepare the organization and the CSIRT before an incident occurs.

Detection of incidents: Identify a potential computer security incident.

Initial response: Perform an initial investigation, recording the basic details surrounding the incident, assembling the incident response team, and notifying the individuals who need to know about the incident.

Formulate response strategy: Based on the known facts' results, determine the best response and obtain management approval. Then, determine what civil, criminal, administrative, or other actions are appropriate based on the investigation's conclusions.

Investigate the incident: Perform a thorough collection of data. Then, review the data collected to determine what happened, when it happened, who did it, and how it can be prevented in the future.

Reporting: Accurately report information about the investigation in a helpful manner to decision-makers.

Resolution: Employ security measures and procedural changes, record lessons learned, and develop long-term fixes for any problems identified.