Damaging: acting without an emergency concept when under attack
Although the number of cyberattacks has decreased slightly worldwide, the quality and effects of the attacks have increased significantly: the number of stolen records keeps growing, and more people are affected by the attacks. To some extent, companies are helpless in the face of the attacks, because they have neither the necessary experts nor the emergency plans for breaches of this nature. Ransomware waves such as WannaCry and NotPetya have resulted in production losses in many businesses and even caused operations to be delayed at several hospitals. This new way of extorting ransom money – often in Bitcoin or other cryptocurrencies – is a new line of business for cybercriminals.
Telekom Security’s Incident Response Center offers an emergency service that allows security experts working in shifts to be contacted 24/7. When a company comes under attack, they can help resolve the security incident both remotely and on-site. The team can be contacted directly to avoid losing valuable time in a crisis situation.
An everyday scenario is as follows: An employee in the purchasing department of a large company clicks on a link in a phishing email. Ransomware downloads to his computer with lightning speed and spreads automatically through the company network. Before the CISO, or chief information security officer, can take suitable countermeasures, the ransomware starts encrypting the backup server and sends a message from the attackers demanding ransom in the form of cryptocurrency. At that point, the CISO calls the emergency number of the Incident Response Center and asks for help. With the help of security experts from Telekom Security, the crisis team conducts an initial consultation and analysis on the phone. Countermeasures are taken immediately, and the ransomware is prevented from spreading further. Shortly thereafter, external backups can be used to restore each system. With the help of IT forensics experts, evidence is collected on site for prosecution and insurance purposes.
Top security experts: direct access to Telekom’s Threat Intelligence
Low reaction costs thanks to pre-negotiated conditions
Securing and documenting of evidence for prosecution
Customers misjudge their attractiveness as a target
Comprehensive emergency management for cyberattacks is still not standard at many German companies. An emergency management system ensures that central processes are in place and, when effectively managed, can help reduce the damage significantly. In addition to immediate measures for averting attacks, it includes protecting and restoring the affected systems as soon as possible, analyzing the attack and the damage it caused, collecting evidence for possible prosecution, and internal and external crisis communication.
Studies such as Coalfire's Penetration Risk Report have found that large companies are less prepared for cyberattacks than, say, small and mid-sized businesses (SMBs). Although large companies have more personnel and capital at their disposal for IT security than small or mid-sized companies, their IT infrastructure is usually much more complex and, above all, more varied in structure. In general, many companies still underestimate their attractiveness to cybercriminals.
Compared to SMBs, large companies are much more likely to take over third-party IT infrastructure and integrate it into their existing IT landscape through mergers or acquisitions. This complicates attempts to maintain a high level of IT security. The same goes for emergency management. And this is precisely where the services of the Incident Response Center enter the picture.
In the event of an attack, a special operations team from Telekom Security can be telephoned directly. Highly specialized IT security experts with years of experience in the area of IT security for large companies are available around the clock. When an attack occurs, they lead the company step by step through the individual defensive measures, until the attack is averted. In this way, companies can avoid the usually fatal reactions prompted by stress, keep the inevitable damage within limits, and get the infected IT up and running again quickly. In the event of an especially severe attack, the IT experts can also be sent to work at the customer’s premises. If the attack is successfully averted and operations can be continued safely, the experts help gather and sort through evidence in order to close the gateway used by the cybercriminals and enable the company to file criminal charges later on. The experts at Telekom Security can also be integrated into crisis communication and final penetration tests.