
03 September 2020

Incident Response - taking stock

The recent Distributed Denial of Service (DDoS) attacks on the NZ Stock Exchange over a 5-day period are a clear demonstration of how cyberattacks adversely impact business operations, causing reputational and financial damage.

Some organisations in Australia and New Zealand may not have any measures in place to prevent a DDoS attack, and possibly do not see a strong business requirement to protect their online services from such an attack. However, this type of event should act as a timely reminder that all organisations should take stock of their Incident Response (IR) plans and the associated execution processes, in the event of any form of cyberattack.

The benefit of having a comprehensive IR plan is that you can improve the speed and effectiveness of your team in dealing with a real-life incident.

Our Incident Response experts can assist an organisation to develop an IR plan or refresh the key components of an existing IR plan.

To ensure the IR plan execution steps are clearly understood, we can formalise the IR roles and “war room” structure, walk through an IR scenario using a sample playbook and prepare suitable supporting IR documentation, including a library of our 18+ IR playbooks.

Click here to view our Execution Pack.

For those organisations that want to quickly start an actual incident response process without requiring in-house expertise, we have a First Responder Forensic Toolkit (FRFT) available. Having the FRFT onsite means that within minutes you can react to a potential incident and start collecting the data necessary to complete an initial triage exercise, which is paramount in conducting an effective investigation during incident response.

View the FRFT Infographic

View a previous article – In the Event of a Breach Time is of the Essence

Teams Empowers Users - but what about your data?

The rollout of Microsoft Teams, a very functional collaboration tool, has made organisations more aware that data can be accidentally shared with third parties, misused or stolen. In empowering users to collaborate, one has to strike a balance so that data security risks are understood and appropriately managed.

Creating a new team, or expanding the membership of an existing team to build collaboration and conversations, involves opening up Teams channels. When someone creates a team, they are in essence creating an Office 365 Group at the backend. This creates potential security issues.

For example, Teams has been designed with an open permissions model, which means that any user can create and own a team and invite other people to join the team. Each member of that team has access to the data in the team’s public channels from the chat, meeting and shared file functionality. A third party “guest” outside of the organisation can be invited to join a team and then share files, set up new channels for that team and post, delete and edit messages.

As Teams is reliant upon interaction and integration with a range of Microsoft’s technologies such as Microsoft 365, Azure AD, Exchange Online, OneDrive and SharePoint, it is perhaps more complex “under the covers” than it appears to the untrained eye.

For peace of mind, a security assessment of a planned or already deployed Teams solution is worth the investment to minimise the chance of a data breach or data leakage.

Click here to view our Microsoft 365 Security Audit Service

 
