- unauthorized modification of a system either via an individual or via malicious software
- elevation of system privileges without authorization
- unauthorized use of a systems resources (storage, cpu, memory, processes, etc.)
- denial of service to a network
- programmatic manipulation of a system or network to attack a third party
Internal incidents can be even more damaging then external attacks. The insider knows your systems, and has more time to plan and execute the attack. He knows your administrative and logical safeguards. Recent internal incidents which have resulted in significant financial loss or loss of customer confidence include:
- Employees used financial institution computers to obtain customer information and commit fraud using the customer information.
- An individual was charged with trafficking in passwords and similar information that would have permitted others to gain unauthorized access to his employer's computer network.
- Former employee of arrested on charges of hacking into company's computer and destroying data.
An excellent start is the development of a Computer Incident Response plan. The plan should supplement your Business Continuity Plan (BCP). It should include a general response plan with a designated incident leader. Team memebers with all of their contact information should be available to the leader. The companies BCP will be relied upon for other issues such as: media response, facilities management, disaster recovery, etc. If your company does not have an Incident Response plan, Information Risk Group has experience professionals who can aid your company with it's development.
Another preventative measure your company should consider is a security assessment. An annual security assessment should be performed against your companies administrative, technical and physical safeguards. The assessment will enable your company to concentrate its limited budget on its information security weaknesses.
It is important that you do not panic when your systems are under attack. Active incidents are among the most technically stressful and challenging events your IT employees will ever face. They require experience and advanced knowledge to solve and prosecute. Minimally consider performing the following actions:
- Do not turn the system off, if you have to stop the attack because you are losing proprietary information then remove the cable from the machine.
- Document what is occurring on a separate system or on paper. Document the system and the individuals performing any valid interaction with the system.
- Observe the intruder by monitoring and recording events occurring on the network.
- Recall backup tapes in preparation to restore the system.
- Follow your incident response plan and if necessary ask for outside help.
Please contact us with any questions you may have on this subject or any other services Information Risk Group offers.
Information Risk Group LLC
3220 Henderson Blvd.
Tampa, FL 33609
Information Risk Group offering information security and risk management services to companies throughout the Americas.