
ITI581 - Cybersecurity Fundamentals Security Incident Case Study Information - IT Assignment Help

Assignment Task

The following information is provided to allow you to investigate a specific set of circumstances around a recent incident in a corporate network and should be used in conjunction with detailed information provided for the Cyberattack on the next page.

Background

You are an IT Security Consultant who has been engaged by the management team at CricTech, a wearable technology company, to review their systems, processes and procedures after a recent cybersecurity attack. Within this context, as an IT Security Consultant, you must perform two core functions.

1. Oversee the review of the IT operations of CricTech security operating environment to determine what can be done to prevent similar attacks in the future.
2. Develop an improved security profile that enhances policy, architecture, and training processes.

In initial discussions with the management team you have noted the following issues:

1. No documented DR/BCP plan.
2. No formal Incident Response Team, or Incident Response Plan.
3. Insufficient documentation of the current system.
   a. A basic network diagram exists.
4. No understanding of the normal operating characteristics of the network and IT systems.
5. No established security culture or awareness program.

Details of the recent cyberattack against CricTech

The adverse impact of the cyberattack on the CricTech network was first noticed late on Thursday afternoon, four weeks prior to your initial meeting with the management team. An initial forensic investigation, performed by a well-respected forensic investigator and completed post-attack, found that the attacker used a brute force attack to gain access to a decommissioned Windows 2003 server that was still connected to the DMZ segment of the network. The attacker used information present on this server to gain access to the backup server, also in the DMZ, and, with some experimentation, gained access to the internal server farm by reappropriating the backup software communication channels. This approach was able to bypass the internal-facing firewall because of the apparent legitimacy of the communications channel, despite the quantity of traffic increasing by approximately 50% relative to estimated normal levels.
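The 50% traffic increase went unnoticed because no baseline of normal network behaviour existed. The following is an added illustration, not part of the original assignment brief, of a per-flow volume check against a recorded baseline; all host names, service labels, byte counts and the 25% threshold are constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily bytes per (source, destination, service) flow.
# Host and service names are hypothetical, not taken from the case study.
BASELINE = {
    ("dmz-backup", "farm-db01", "backup"): [40e9, 42e9, 39e9, 41e9, 40e9, 43e9, 41e9],
    ("dmz-web", "farm-app01", "https"): [5e9, 6e9, 5.5e9, 5.2e9, 5.8e9, 6.1e9, 5.4e9],
}
OBSERVED = {
    ("dmz-backup", "farm-db01", "backup"): 61.5e9,  # about 50% above normal
    ("dmz-web", "farm-app01", "https"): 5.9e9,      # within normal variation
    ("dmz-legacy", "dmz-backup", "smb"): 0.8e9,     # flow with no baseline at all
}


def flag_volume_anomalies(baseline, observed, max_increase=0.25):
    """Return (flow, reason, increase) for flows that exceed their baseline
    median by more than max_increase, or that have no baseline recorded."""
    findings = []
    for flow, volume in sorted(observed.items()):
        history = baseline.get(flow)
        if not history:
            # Traffic on a channel nobody documented is itself a finding,
            # e.g. a host that was supposed to be decommissioned.
            findings.append((flow, "no-baseline", None))
            continue
        normal = median(history)  # median resists one-off spikes in the history
        increase = (volume - normal) / normal
        if increase > max_increase:
            findings.append((flow, "volume-increase", round(increase, 2)))
    return findings


if __name__ == "__main__":
    for flow, reason, increase in flag_volume_anomalies(BASELINE, OBSERVED):
        src, dst, service = flow
        detail = "" if increase is None else f" (+{increase:.0%} over median)"
        print(f"{src} -> {dst} [{service}]: {reason}{detail}")
```

A firewall rule that permits the backup channel cannot make this distinction; the check depends on the flow inventory and baseline that the issues list notes were missing.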

Insurance

The company did not contact their insurer, having declined the additional cybersecurity insurance offered to them a few weeks prior.

Costs

Analysis showed that having only a local instance of the product, customer, and research and development databases contributed greatly to the $1.5 million restoration cost. It meant the reinstallation of the databases could not be done without significant input from the database developer and the IT integrator. Other costs incurred were $35,000 in staff overtime and $15,000 in notifying clients of the attack. Including forensic investigation costs of $22,000, and some other sundry expenses, the total cost of the cyberattack was $1.61 million. This represents approximately 18 months of profit based on the past 10 years of operation.
