One of the biggest challenges of changing careers or starting a new job is not knowing what to do, and having to learn what you cannot do.
To err is human, but in the security industry small mistakes often cause great losses. Here are some common errors in security incident response, along with the insights of security experts.
For companies that are unprepared, finding out that you are under attack can lead to panic, ineffective responses and unbearable bills. You already know what you will have to figure out during an attack, so you might as well set up an overall plan for answering those questions now and be prepared.
For instance: What data was stolen? How did the attacker get into the company network? How long have they been roaming around the company network? Which systems have they gotten their hands on?
The answers to these questions show whether a company has the right people, processes and technology to deal with a data breach. A company that cannot answer them is basically acting blindly and can only hope it will never be the target of an attacker.
In security, "hope" is not the word people want to hear; "prepared" is.
2. Not having an accurate grasp of the scope of impact
Maybe one machine, maybe 20; the number of compromised machines varies. If it is 20, that means there will be a lot of machines to clean up. Grasping the scope of a security incident is critical to developing appropriate response and recovery strategies.
The response is not just about cleaning up computers. Vulnerabilities, back doors, added accounts and so on: there may be many other problems. Failing to grasp the full picture of the incident usually means you are not solving the real problem at all.
3. Bringing in legal too late
Although legal procedures always lag far behind security incidents (and are certainly not as fast as the attacker), bringing in legal counsel as early as possible helps limit the scope of information disclosure under legal privilege, especially when the legal team is responsible for coordinating with external parties so that information does not leak or become known to other groups. What happened, how it happened, who is affected: only once a reasonable explanation has been formed around these relevant facts can information be disclosed.
4. Falsely declaring "mission accomplished"
Without fully understanding the scope of impact (or while the incident is still being resolved), announcing without embarrassment that only XX records were stolen, or claiming with a straight face that everything is under control, is actually a very dangerous approach that will only add to the company's burden.
Don't say you are done; say: "We are still investigating. This is what we know at the moment." Rushing to give the appearance that "we know what happened", only for the initially reported 4 million records to become 10 million or 5 million or some other figure, is more than anyone can handle.
5. Not knowing the root cause and the attack vector
Not knowing the cause and type of the attack will leave the company facing the same threat in the future. If you don't know how the attacker got in, it is difficult to grasp the overall situation. How can you be sure you have driven them all out? If you don't close the back door that let them slip in this time, they will make a comeback tomorrow, the day after tomorrow, next month, or next year.