What To Do After A Cyberattack: A Cybersecurity Incident Response Plan
www.accellis.com
The Three A's of Incident Response
The Importance
• 1 in 4 law firms have reported being breached, according to an ABA survey
• Regulatory, insurance, and client confidentiality concerns
• Remove the paralysis and get back to business faster and safer
• Demonstrate the firm is serious about cybersecurity
The Three A's of Incident Response
1. Ammunition: Incident response tools are the first line of defense. Checklists, trained teams, IT support, and more are the ammunition of an effective response.
2. Attribution: Understanding where an attack is coming from can help you understand an attacker's intention as well as their technique, especially if you use real-time threat intelligence.
3. Awareness: The most fundamental security control is an educated and aware user. Effective incident identification AND recovery often starts and ends with a well-informed end-user.
Building Your Team
The Members
• Security Manager/Security Committee: Point of contact for coordinating the Incident Response
• IT Director/Staff: Provides technical support and response to contain the threat while preserving forensic data
• Marketing/Public Relations: Coordinates efforts related to client communication
• Managing Partner/Exec. Committee: Makes business decisions regarding the firm's response
Your Response Planning Guide
Response Stages
1. Identification/Investigation
2. Containment
3. Eradication/Recovery
4. Communications/Reporting Obligations
5. Documentation
Response Planning
(The original slide is a table with one column per response stage; each stage below lists its Response Team and its Key Questions & Tasks.)

Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Key Questions & Tasks:
• Is this an incident that requires attention now?
• Which assets are impacted?
• When did the event occur?

Containment
Response Team: IT Staff; Security Manager/Committee; Forensics Group/IT Staff
Key Questions & Tasks:
• Is the threat isolated?
• What are the containment options?
• Initiate the containment plan
• First stop the spread or close the network gap

Eradication/Recovery
Response Team: IT Staff; Security Manager/Committee
Key Questions & Tasks:
• Determine whether the fix will delete forensic evidence (if evidence is needed)
• Will new equipment be required?

Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities, Insurance
Key Questions & Tasks:
• Is the Response Team required?
• Notify firm stakeholders
• Will outside counsel be needed?
• Do authorities need to be contacted?

Document Update
Response Team: Security Manager/Committee; IT Staff
Key Questions & Tasks:
• What systems and data were affected?
• How did it happen?
• What can be done to mitigate the risk in the future?
What's Unique To Law Firms
• Law firms are data driven
• Practice areas dictate a specific approach to incident response
  • Health Law: HIPAA obligations
  • Tax Law: IRS regulations
  • Specific Client Requirements: Large banks, IP, etc.
Malware Infection
(Same stage-by-stage layout as the Response Planning table, applied to a malware infection.)

Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Tasks:
• Immediate action is required to review affected assets
• Knowing the date helps in finding how long the infection has been going on

Containment
Response Team: IT Staff; Security Manager/Committee; Forensics Group/IT Staff
Tasks:
• Isolate the infected PC/server from the network. This prevents the infection from spreading or causing more issues

Eradication/Recovery
Response Team: IT Staff; Security Manager/Committee
Tasks:
• Perform virus scans, or a complete wipe and re-install
• If required, forensic imaging is to occur first, prior to re-imaging the desktop

Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities and Insurance
Tasks:
• Response Team is notified
• Depending on the type of virus and whether information was accessed, stakeholders should be notified

Document Update
Response Team: Security Manager/Committee; IT Staff
Tasks:
• Update virus signatures
• Document unique identifiers of the infection to create new rules/alerts
Unauthorized Access
(Same stage-by-stage layout, applied to unauthorized access to an account or system.)

Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Tasks:
• Immediate action is required to find the point of entry and what systems were accessed
• Discovery of affected systems will also aid with corrective and preventative controls in the future

Containment
Response Team: IT Staff; Security Manager/Committee; Forensics Group/IT Staff
Tasks:
• Disable the user account and notify the affected user
• Review file audit logs to determine what information was accessed

Eradication/Recovery
Response Team: IT Staff; Security Manager/Committee
Tasks:
• Change all passwords associated with the affected user's account
• Incorporate account lockout policies
• Gather and preserve all access log information

Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities and Insurance; Marketing
Tasks:
• Response Team notified
• Stakeholders and clients are to be notified depending on the information that was accessed

Document Update
Response Team: Security Manager/Committee; IT Staff
Tasks:
• Document the incident
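The Unauthorized Access playbook above asks the responder to review file audit logs for what the compromised account touched, to gather and preserve the access log information, and then to document the incident; the Malware Infection playbook likewise asks for unique identifiers to be documented so that new rules and alerts can be written. The following Python is an added example of that triage step and is not code from the deck or from Accellis. It assumes a constructed, whitespace-separated audit log format (timestamp, account, action, path, source IP) that is not described on the slides; the account name, file paths and IP addresses in the sample are made up. It filters the log to the affected account inside the incident window, de-duplicates what was accessed, records the source addresses as indicators for later rules, and hashes the raw log so the preserved copy can be shown to be unaltered.

```python
"""Audit-log triage for the Unauthorized Access playbook (added example, not the deck's own)."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample file-audit log. Format (an assumption, not from the deck):
#   <ISO-8601 UTC timestamp> <account> <action> <path> <source IP>
# jdoe is the (hypothetical) compromised account; the late-night reads from
# 203.0.113.77 are the constructed suspicious activity.
SAMPLE_AUDIT_LOG = """\
2024-03-04T08:02:11Z jdoe READ /matters/acme/contract_v3.docx 10.0.5.23
2024-03-04T08:05:47Z asmith READ /matters/beta/brief.pdf 10.0.5.31
2024-03-04T22:14:03Z jdoe READ /matters/acme/settlement_terms.xlsx 203.0.113.77
2024-03-04T22:15:19Z jdoe DOWNLOAD /matters/acme/settlement_terms.xlsx 203.0.113.77
2024-03-04T22:16:02Z jdoe READ /hr/payroll_2023.xlsx 203.0.113.77
2024-03-04T22:16:02Z jdoe READ /hr/payroll_2023.xlsx 203.0.113.77
2024-03-05T07:58:30Z jdoe READ /matters/acme/contract_v3.docx 10.0.5.23
a malformed line that the parser must skip rather than crash on
"""


@dataclass(frozen=True)
class AuditEvent:
    when: datetime
    account: str
    action: str
    path: str
    src_ip: str


def parse_ts(value):
    """Parse the log's UTC timestamp format into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line):
    """Return an AuditEvent, or None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = parse_ts(parts[0])
    except ValueError:
        return None
    return AuditEvent(when, parts[1], parts[2], parts[3], parts[4])


def accessed_during_incident(log_text, account, start_iso, end_iso):
    """Distinct (action, path, src_ip) tuples for `account` inside [start, end], in log order."""
    start, end = parse_ts(start_iso), parse_ts(end_iso)
    seen = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev.account != account or not (start <= ev.when <= end):
            continue
        key = (ev.action, ev.path, ev.src_ip)
        if key not in seen:          # repeated identical events are documented once
            seen.append(key)
    return seen


def preserve(log_text):
    """SHA-256 of the raw log text; store it with the preserved copy as its integrity reference."""
    return hashlib.sha256(log_text.encode("utf-8")).hexdigest()


def incident_record(log_text, account, start_iso, end_iso):
    """Assemble the facts the Document Update stage asks for: what was accessed, from where, and by which account."""
    events = accessed_during_incident(log_text, account, start_iso, end_iso)
    return {
        "account": account,
        "window": (start_iso, end_iso),
        "files_accessed": sorted({path for _, path, _ in events}),
        "source_ips": sorted({ip for _, _, ip in events}),   # candidate indicators for new alerts
        "actions": events,
        "evidence_sha256": preserve(log_text),
    }


if __name__ == "__main__":
    record = incident_record(SAMPLE_AUDIT_LOG, "jdoe", "2024-03-04T20:00:00Z", "2024-03-05T02:00:00Z")
    for key, value in record.items():
        print(f"{key}: {value}")
```

The incident window and the account come from the Identification stage ("When did the event occur?", "Which assets are impacted?"); running the record against a copy of the log rather than the live system keeps the preserved evidence and its hash stable while the Eradication stage proceeds.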
Mobile Device Loss
(Same stage-by-stage layout, applied to a lost or stolen mobile device.)

Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Tasks:
• Immediate attention is required
• Determine the end user and what kind of device was lost

Containment
Response Team: IT Staff; Security Manager/Committee; Forensics Group/IT Staff
Tasks:
• Reset the end user's account access
• Remote wipe of the lost device (laptop, tablet, smart phone)

Eradication/Recovery
Response Team: IT Staff; Security Manager/Committee
Tasks:
• Replace the device

Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities and Insurance
Tasks:
• Notifying the Response Team is optional
• Stakeholders should be notified if sensitive information was on the device

Document Update
Response Team: Security Manager/Committee; IT Staff
Tasks:
• Update the asset inventory
• Update the insurance policy if necessary
Key Tips
• Get executive and partner buy-in
• Document everything you can BEFORE an incident
• Fully understand your cybersecurity insurance policy
• Know the breach notification laws where you practice
• Write it out, then try it through table-top exercises, make adjustments, and practice it again
• Keep your response fully documented
• An incident response plan isn't just an IT thing; it requires multiple people on many levels communicating together
• Reduce downtime through quick responses
• Clients and other stakeholders are reassured that the firm takes cybersecurity seriously
About Accellis Technology Group
Specialized IT services company providing:
• Managed IT Services
• Cybersecurity & Risk Management
• Software Consulting
• Application Development & Integration
Target market: small to mid-sized firms (5-250 users)
Target verticals: legal, financial and non-profits
20 employees in Ohio office

More Related Content

What's hot

How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response FunctionResilient Systems
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security StrategyLaura Vanassche
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016Ashley Deuble
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityEnclaveSecurity
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security ManagementJonathan Coleman
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2JudyEvans8
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony David Sweigert
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and proceduresCAS
 
IT Security & Risk
IT Security & Risk IT Security & Risk
IT Security & Risk Tanujpandey5
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1  Risk ManagementCISSP Chapter 1  Risk Management
CISSP Chapter 1 Risk ManagementKarthikeyan Dhayalan
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISSaazan Shrestha
 
Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseEnclaveSecurity
 
Developing an Information Security Roadmap
Developing an Information Security RoadmapDeveloping an Information Security Roadmap
Developing an Information Security RoadmapAustin Songer
 

What's hot (20)

How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Information Security
Information SecurityInformation Security
Information Security
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
 
The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016The Six Stages of Incident Response - Auscert 2016
The Six Stages of Incident Response - Auscert 2016
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device security
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2
 
Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony Cyber incident response or how to avoid long hours of testimony
Cyber incident response or how to avoid long hours of testimony
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and procedures
 
IT Security & Risk
IT Security & Risk IT Security & Risk
IT Security & Risk
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1  Risk ManagementCISSP Chapter 1  Risk Management
CISSP Chapter 1 Risk Management
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
 
The myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MISThe myth of secure computing; management information system; MIS
The myth of secure computing; management information system; MIS
 
Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized Defense
 
Developing an Information Security Roadmap
Developing an Information Security RoadmapDeveloping an Information Security Roadmap
Developing an Information Security Roadmap
 

Similar to What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presented by Accellis Technology Group

IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
 
Incident response
Incident responseIncident response
Incident responseAnshul Gupta
 
Data Breach Response is a Team Sport
Data Breach Response is a Team SportData Breach Response is a Team Sport
Data Breach Response is a Team SportQuarles & Brady
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraIGN MANTRA
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsSam Bowne
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)Sam Bowne
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas IndonesiaIGN MANTRA
 
Cybersecurity Crisis Management Introduction
Cybersecurity Crisis Management IntroductionCybersecurity Crisis Management Introduction
Cybersecurity Crisis Management IntroductionNaor Penso
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
Incident Response
Incident ResponseIncident Response
Incident Responseprimeteacher32
 
Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Chinatu Uzuegbu
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxShreeveni
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
nist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxnist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxJkYt1
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Crew
 

Similar to What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presented by Accellis Technology Group (20)

IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
 
Incident response
Incident responseIncident response
Incident response
 
Data Breach Response is a Team Sport
Data Breach Response is a Team SportData Breach Response is a Team Sport
Data Breach Response is a Team Sport
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
 
Cybersecurity Crisis Management Introduction
Cybersecurity Crisis Management IntroductionCybersecurity Crisis Management Introduction
Cybersecurity Crisis Management Introduction
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptx
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Cert adli wahid_iisf2011
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Soc
SocSoc
Soc
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
nist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxnist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptx
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response Programme
 

More from Accellis Technology Group

Webinar Wednesday: SharePoint and Lesser Known O365 Apps
Webinar Wednesday: SharePoint and Lesser Known O365 AppsWebinar Wednesday: SharePoint and Lesser Known O365 Apps
Webinar Wednesday: SharePoint and Lesser Known O365 AppsAccellis Technology Group
 
Webinar Wednesday: Cloud Collaboration
Webinar Wednesday: Cloud CollaborationWebinar Wednesday: Cloud Collaboration
Webinar Wednesday: Cloud CollaborationAccellis Technology Group
 
Webinar Wednesday: Locking Up the Cloud
Webinar Wednesday: Locking Up the CloudWebinar Wednesday: Locking Up the Cloud
Webinar Wednesday: Locking Up the CloudAccellis Technology Group
 
Webinar Wednesday: Cloud technology: You're Doing It Wrong
Webinar Wednesday: Cloud technology: You're Doing It WrongWebinar Wednesday: Cloud technology: You're Doing It Wrong
Webinar Wednesday: Cloud technology: You're Doing It WrongAccellis Technology Group
 
Cyber Grab Bag Q&A presented by Accellis Technology Group
Cyber Grab Bag Q&A presented by Accellis Technology GroupCyber Grab Bag Q&A presented by Accellis Technology Group
Cyber Grab Bag Q&A presented by Accellis Technology GroupAccellis Technology Group
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Accellis Technology Group
 
Recent Legal Cyber Attacks Presented by Accellis Technology Group
Recent Legal Cyber Attacks Presented by Accellis Technology GroupRecent Legal Cyber Attacks Presented by Accellis Technology Group
Recent Legal Cyber Attacks Presented by Accellis Technology GroupAccellis Technology Group
 
Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...
Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...
Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...Accellis Technology Group
 
Art of Social Engineering Presented by Accellis Technology Group
Art of Social Engineering Presented by Accellis Technology GroupArt of Social Engineering Presented by Accellis Technology Group
Art of Social Engineering Presented by Accellis Technology GroupAccellis Technology Group
 

More from Accellis Technology Group (9)

Webinar Wednesday: SharePoint and Lesser Known O365 Apps
Webinar Wednesday: SharePoint and Lesser Known O365 AppsWebinar Wednesday: SharePoint and Lesser Known O365 Apps
Webinar Wednesday: SharePoint and Lesser Known O365 Apps
 
Webinar Wednesday: Cloud Collaboration
Webinar Wednesday: Cloud CollaborationWebinar Wednesday: Cloud Collaboration
Webinar Wednesday: Cloud Collaboration
 
Webinar Wednesday: Locking Up the Cloud
Webinar Wednesday: Locking Up the CloudWebinar Wednesday: Locking Up the Cloud
Webinar Wednesday: Locking Up the Cloud
 
Webinar Wednesday: Cloud technology: You're Doing It Wrong
Webinar Wednesday: Cloud technology: You're Doing It WrongWebinar Wednesday: Cloud technology: You're Doing It Wrong
Webinar Wednesday: Cloud technology: You're Doing It Wrong
 
Cyber Grab Bag Q&A presented by Accellis Technology Group
Cyber Grab Bag Q&A presented by Accellis Technology GroupCyber Grab Bag Q&A presented by Accellis Technology Group
Cyber Grab Bag Q&A presented by Accellis Technology Group
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
 
Recent Legal Cyber Attacks Presented by Accellis Technology Group
Recent Legal Cyber Attacks Presented by Accellis Technology GroupRecent Legal Cyber Attacks Presented by Accellis Technology Group
Recent Legal Cyber Attacks Presented by Accellis Technology Group
 
Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...
Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...
Small but Not Forgotten: Cybersecurity for the Small Firm Presented by Accell...
 
Art of Social Engineering Presented by Accellis Technology Group
Art of Social Engineering Presented by Accellis Technology GroupArt of Social Engineering Presented by Accellis Technology Group
Art of Social Engineering Presented by Accellis Technology Group
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 


What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presented by Accellis Technology Group

1. What To Do After A Cyberattack: A Cybersecurity Incident Response Plan

3. The Importance
• 1 in 4 law firms have reported being breached according to ABA survey
• Regulatory, insurance, and client confidentiality concerns
• Remove the paralysis and get back to business faster, safer
• Demonstrate the firm is serious about cybersecurity
www.accellis.com

4. The Three A’s of Incident Response
1. Ammunition: Incident response tools are the first line of defense. Checklists, trained teams, IT support, and more are the ammunition of an effective response.
2. Attribution: Understanding where an attack is coming from can help you understand an attacker’s intention as well as their technique, especially if you use real-time threat intelligence.
3. Awareness: The most fundamental security control is an educated and aware user. Effective incident identification AND recovery often starts and ends with a well-informed end-user.

6. The Members
• Security Manager/Security Committee: Point for coordinating the Incident Response
• IT Director/Staff: Provides technical support and response to contain the threat while preserving forensic data
• Marketing/Public Relations: Coordinates efforts related to client communication
• Managing Partner/Exec. Committee: Makes business decisions regarding the firm’s response

8. Response Stages
1. Identification/Investigation
2. Containment
3. Eradication/Recovery
4. Communications/Reporting Obligations
5. Documentation
9. Response Planning

Response Stage: Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Key Questions & Tasks:
• Is this an incident that requires attention now?
• Which assets are impacted?
• When did the event occur?

Response Stage: Containment
Response Team: IT Staff; Security Manager/Committee
Key Questions & Tasks:
• Is the threat isolated?
• What are the containment options?
• Initiate containment plan
• First stop the spread or close the network gap

Response Stage: Eradication/Recovery
Response Team: Forensics Group/IT Staff; IT Staff; Security Manager/Committee
Key Questions & Tasks:
• Determine whether the fix will delete forensic evidence (if needed)
• Will new equipment be required?

Response Stage: Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities, Insurance
Key Questions & Tasks:
• Is the Response team required?
• Notify Firm Stakeholders
• Will outside counsel be needed?
• Do authorities need to be contacted?

Response Stage: Document Update
Response Team: Security Manager/Committee; IT Staff
Key Questions & Tasks:
• What systems and data were affected?
• How did it happen?
• What can be done to mitigate the risk in the future?

10. What's Unique To Law Firms
• Law firms are data driven
• Practice areas dictate specific approach to incident response
• Health Law: HIPAA obligations
• Tax Law: IRS regulations
• Specific Client Requirements: Large banks, IP, etc.
11. Malware Infection

Response Stage: Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Malware Infection:
• Immediate action required to review affected assets
• Knowing the date helps in finding how long the infection has been going on

Response Stage: Containment
Response Team: IT Staff; Security Manager/Committee
Malware Infection:
• Isolate the infected PC/Server from the network. This prevents the infection from spreading or causing more issues

Response Stage: Eradication/Recovery
Response Team: Forensics Group/IT Staff; IT Staff; Security Manager/Committee
Malware Infection:
• Performing virus scans or complete wipe and re-install
• If required, forensic imaging is to occur first, prior to re-imaging the desktop

Response Stage: Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities and Insurance
Malware Infection:
• Response team is notified
• Depending on the type of virus and whether information was accessed, stakeholders should be notified

Response Stage: Document Update
Response Team: Security Manager/Committee; IT Staff
Malware Infection:
• Update virus signatures
• Document unique identifiers of the infection to create new rules/alerts

12. Unauthorized Access

Response Stage: Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Unauthorized Access:
• Immediate action required to find the point of entry and what systems were accessed
• Discovery of affected systems will also aid with corrective and preventative controls in the future

Response Stage: Containment
Response Team: IT Staff; Security Manager/Committee
Unauthorized Access:
• Disable user account and notify affected user
• Review file audit logs to determine what information was accessed

Response Stage: Eradication/Recovery
Response Team: Forensics Group/IT Staff; IT Staff; Security Manager/Committee
Unauthorized Access:
• Change all passwords associated with the affected user’s account
• Incorporate account lockout policies
• Gather and preserve all access log information

Response Stage: Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities and Insurance; Marketing
Unauthorized Access:
• Response team notified
• Stakeholders and clients are to be notified depending on the information that was accessed

Response Stage: Document Update
Response Team: Security Manager/Committee; IT Staff
Unauthorized Access:
• Document the incident
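The file-audit review step of the Unauthorized Access playbook (which files the compromised account touched inside the incident window, which attempts were refused, and which client matters that implicates for notification), as an added example that is not from the Accellis deck; the log format, account name, paths and incident window are constructed.

```python
"""Review file-audit log lines for the Unauthorized Access playbook (added example)."""
from datetime import datetime, timezone
from typing import Dict, List, NamedTuple, Set

# Constructed sample audit log (hypothetical format):
# <ISO-8601 UTC time> <account> <action> <path> <result>
SAMPLE_AUDIT_LOG = """\
2024-03-04T08:02:11Z jsmith READ  /clients/acme/contract.docx success
2024-03-04T23:41:05Z jsmith READ  /clients/acme/merger-memo.docx success
2024-03-04T23:42:37Z jsmith COPY  /clients/acme/merger-memo.docx success
2024-03-04T23:44:10Z jsmith READ  /hr/payroll.xlsx denied
2024-03-05T00:10:59Z jsmith WRITE /clients/beta/patent-draft.docx success
2024-03-05T09:15:00Z mlee   READ  /clients/beta/patent-draft.docx success
"""
# Constructed incident window: the off-hours activity that was flagged
INCIDENT_START = datetime(2024, 3, 4, 23, tzinfo=timezone.utc)
INCIDENT_END = datetime(2024, 3, 5, 1, tzinfo=timezone.utc)

class AuditEvent(NamedTuple):
    when: datetime
    account: str
    action: str
    path: str
    result: str

def parse_audit_log(text: str) -> List[AuditEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, action, path, result = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))  # aware UTC
        events.append(AuditEvent(when, account, action, path, result))
    return events

def review_access(events, account, start, end) -> Dict[str, Dict[str, List[str]]]:
    """'accessed': successful actions per path (drives client/stakeholder notification);
    'denied': refused attempts per path (shows what the intruder went after)."""
    report = {"accessed": {}, "denied": {}}
    for ev in events:
        if ev.account != account or not (start <= ev.when <= end):
            continue
        bucket = report["accessed"] if ev.result == "success" else report["denied"]
        bucket.setdefault(ev.path, []).append(ev.action)
    return report

def clients_to_notify(accessed: Dict[str, List[str]]) -> Set[str]:
    """Map paths under /clients/<name>/ to the client matters that were touched."""
    return {p.split("/")[2] for p in accessed if p.startswith("/clients/")}
```

Only activity inside the window by the compromised account is reported; the same user's normal business-hours access and other users' activity are left out so the notification decision rests on what the intruder actually reached.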
13. Mobile Device Loss

Response Stage: Identification/Investigation
Response Team: End-users; IT Staff; Security Manager/Committee
Mobile Device Loss:
• Immediate attention is required
• Determine the end user and what kind of device was lost

Response Stage: Containment
Response Team: IT Staff; Security Manager/Committee
Mobile Device Loss:
• Reset the end user’s account access
• Remote wipe of the lost device (laptop, tablet, smart phone)

Response Stage: Eradication/Recovery
Response Team: Forensics Group/IT Staff; IT Staff; Security Manager/Committee
Mobile Device Loss:
• Replace device

Response Stage: Communications/Reporting
Response Team: Security Manager/Committee; Firm Leadership; Authorities and Insurance
Mobile Device Loss:
• Notifying the Response team is optional
• Stakeholders should be notified if sensitive information was on the device

Response Stage: Document Update
Response Team: Security Manager/Committee; IT Staff
Mobile Device Loss:
• Update asset inventory
• Update insurance policy if necessary

15. Key Tips
• Get executive and partner buy-in
• Document everything you can BEFORE an incident
• Fully understand your cybersecurity insurance policy
• Know the response notification laws where you practice
• Write it out, then try it through table-top exercises, make adjustments, and practice it again
• Keep your response fully documented

16. Key Tips
• An incident response plan isn’t just an IT thing; it requires multiple people on many levels communicating together
• Reduce downtime through quick responses
• Clients and other stakeholders are reassured that the firm takes cybersecurity seriously

17. About Accellis Technology Group
Specialized IT services company providing:
• Managed IT Services
• Cybersecurity & Risk Management
• Software Consulting
• Application Development & Integration
Target market: small to mid-sized firms (5-250 users)
Target verticals: legal, financial and non-profits
20 employees in Ohio office