Security Incidents & Response Against Cyber Attacks PDF

250 Pages·2021·9.383 MB·English

EAI/Springer Innovations in Communication and Computing

Akashdeep Bhardwaj, Varun Sapra (Editors)

Security Incidents & Response Against Cyber Attacks

Series Editor: Imrich Chlamtac, European Alliance for Innovation, Ghent, Belgium

Editor's Note

The impact of information technologies is creating a new world that is not yet fully understood. The extent and speed of the economic, lifestyle, and social changes already perceived in everyday life are hard to estimate without understanding the technological driving forces behind them. This series presents contributed volumes featuring the latest research and development in the various information engineering technologies that play a key role in this process. The range of topics, focusing primarily on communications and computing engineering, includes, but is not limited to, wireless networks; mobile communication; design and learning; gaming; interaction; e-health and pervasive healthcare; energy management; smart grids; Internet of Things; cognitive radio networks; computation; cloud computing; ubiquitous connectivity; and, more generally, smart living, smart cities, Internet of Things, and more. The series publishes a combination of expanded papers selected from hosted and sponsored European Alliance for Innovation (EAI) conferences that present cutting-edge, global research as well as provide new perspectives on traditional related engineering fields. This content, complemented with open calls for contribution of book titles and individual chapters, together maintains Springer's and EAI's high standards of academic excellence.

The audience for the books consists of researchers, industry professionals, advanced-level students, and practitioners in related fields of activity, including information and communication specialists, security experts, economists, urban planners, doctors, and in general representatives of all those walks of life affected by and contributing to the information revolution.

Indexing: This series is indexed in Scopus, Ei Compendex, and zbMATH.

About EAI

EAI is a grassroots member organization initiated through cooperation between businesses, public, private, and government organizations to address the global challenges of Europe's future competitiveness and link the European research community with its counterparts around the globe. EAI reaches out to hundreds of thousands of individual subscribers on all continents and collaborates with an institutional member base including Fortune 500 companies, government organizations, and educational institutions to provide a free research and innovation platform. Through its open free membership model, EAI promotes a new research and innovation culture based on collaboration, connectivity, and recognition of excellence by the community.

More information about this series at http://www.springer.com/series/15427

Akashdeep Bhardwaj • Varun Sapra, Editors

Security Incidents & Response Against Cyber Attacks

Editors
Akashdeep Bhardwaj, School of Computer Science, University of Petroleum & Energy Studies, Dehradun, India
Varun Sapra, School of Computer Science, University of Petroleum & Energy Studies, Dehradun, India

Series Editor: Imrich Chlamtac

ISSN 2522-8595; ISSN 2522-8609 (electronic)
EAI/Springer Innovations in Communication and Computing
ISBN 978-3-030-69173-8; ISBN 978-3-030-69174-5 (eBook)
https://doi.org/10.1007/978-3-030-69174-5

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

To Those Who Inspired This Book But Will Never Read It!

Foreword

Introduction

The year 2020 has seen a dramatic increase in the number of security incidents and cyberattacks. The COVID-19 pandemic mandated social distancing and working from home. This involuntary digital transformation resulted in a substantial increase in online activities, employee interactions, e-learning, and financial transactions. This led to more opportunities for cybercriminals as the attack surface became larger than ever. As the community adjusts to the "new normal," there is a good indication that many of us who are working from home will continue to do so and we will never get back to "normal." The proliferation of mobile devices and ubiquitous Internet connectivity has also increased the threat surface. The digital transformation of our lives, our work, and our social activities is likely to result in more incidents and attacks. Therefore, preparing for, planning for, and mitigating security incidents, and responding to cyberattacks, must become part of every organization's and every individual's daily routine in the "new normal."

Cybersecurity incidents and cyberattacks have been around for as long as computers have been around, but the recent complexity and sophistication of these incidents and attacks, the magnitude of attacks, their costs, and the irreparable damage they cause are something that cannot be ignored any more. Security incident planning and mitigation is critical to an organization's survival. Being able to counter cyberattacks and prevent attacks must be a requirement of an organization's standard operating procedures. Part of the blame for the increase in security incidents and cyberattacks lies with the organizations, institutions, and individuals trying to prevent them. For example, organizations like Cisco provide comprehensive training about computer networks and cybersecurity. This provides in-depth knowledge of the networks and protocols and how to exploit them. Institutions teach courses on ethical hacking, and individuals make and upload "how to hack" videos on YouTube. To make matters worse, security incidents and cyberattacks are now being armed with technologies like Artificial Intelligence, which can easily outsmart human responses in trying to detect, mitigate, and counter attacks. There is a need to train more cybersecurity analysts and equip them with state-of-the-art hardware and software to mitigate future incidents and attacks. Virtual Private Networks, the Tor browser, and the Dark Net are some of the tools, among many others, used by hackers, making it difficult to identify the perpetrators.

Cybersecurity has remained and will remain a "cat-and-mouse" game. There will be attacks and exploits, and then there will be patches, upgrades, and antiviruses. We will always remain one step behind the attackers. Our best effort in this game is to have proper procedures in place, and the hardware and the software to detect security incidents and cyberattacks and mitigate them. Along the way, we have learnt a lot and developed the ISO 27000 standards, the NIST SP 800-61 Incident Handling Guide, as well as local and regional Computer Security Incident Response Teams (CSIRT). Security-certified and accredited organizations find it easier to collaborate across their networks.

Security Incidents

A security incident or cyberattack takes place when there is unauthorized access to an organization's computer network. This access could be to get information, compromise the integrity of data, or make the system unavailable. This is an incident or attack that breaches the CIA triad of confidentiality, integrity, and availability of the system. Most organizations will have a cybersecurity team or a network systems administrator to monitor their networks and to detect and mitigate such incidents and attacks.

According to Rosencrance (2019), "Security incidents are events that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed. In IT, a security event is anything that has significance for system hardware or software, and an incident is an event that disrupts normal operations. A security breach is a confirmed incident in which sensitive, confidential, or otherwise protected data has been accessed or disclosed in an unauthorized fashion." The University of California Berkeley Information Security Office describes a security incident as "an event that leads to a violation of an organization's security policies and puts sensitive data at risk of exposure." "Security incident" is a broad term that includes many kinds of events.

According to SANS (Pokladnik 2020), there are six key phases of an Incident Response Plan:

1. Preparation: Preparing users and IT to handle potential incidents in case they happen (and let's face it, we know they will)
2. Eradication: Finding and eliminating the root cause (removing affected systems from production)
3. Identification: Figuring out what we mean by a "security incident" (which events can we ignore vs. which we must act on right now?)
4. Recovery: Permitting affected systems back into the production environment (and watching them closely)
5. Containment: Isolating affected systems to prevent further damage (automated quarantines are our favorite)
6. Lessons Learned: Writing everything down and reviewing and analyzing with all team members so you can improve future efforts

Examples of security incidents include:

• Computer system breach
• Unauthorized access to, or use of, systems, software, or data
• Unauthorized changes to systems, software, or data
• Loss or theft of equipment storing institutional data
• Denial of service attack
• Interference with the intended use of IT resources
• Compromised user accounts

It is important that actual or suspected security incidents be reported as early as possible so that organizations can limit the damage and cost of recovery.

CERT and CSIRT

Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT) are usually responsible for attending to security incidents and cyberattacks at the organizational, national, and regional level. These teams are made up of cybersecurity, information security, and other specialists who are deployed to detect, mitigate, and provide defense-in-depth security against any further incidents or attacks. A CERT is a group of information security experts responsible for the protection against, detection of, and response to an organization's cybersecurity incidents (Rouse 2019).

It is now common to find CERT/CSIRT at national and regional levels. Almost every country has its own CERT or access to a regional CERT. This indicates the level of response required for security incidents and cyberattacks. CERTs are responsible for coordinating the cybersecurity information that affects every government agency, business, and individual computer user within their jurisdiction. They provide security alerts, vulnerability information, and helpful tips for protecting an organization or a home user. To be effective, a CERT needs to receive security incidents from its users. CERT allows constituents to report information via phone, email, or by using a secure incident-reporting website. They accept reports of security incidents, phishing attempts, malware, and vulnerability reporting.

Standards and Guidelines

Standards and guidelines are adopted and followed to mitigate security incidents and cyberattacks. These standards and guidelines are best practices that have been developed over years for organizations to adopt. They are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including prevention or mitigation of cyberattacks. These published materials consist of collections of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies.

For example, the ISO (International Organization for Standardization)/IEC (International Electrotechnical Commission) 27001 and 27002 standards formally specify a management system that is intended to bring information security under explicit management control. ISO/IEC 27001 is an international standard on how to manage information security. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), the aim of which is to help organizations make the information assets they hold more secure. ISO/IEC 27002 is an information security standard that provides best-practice recommendations on information security controls for use by those responsible for initiating, implementing, or maintaining information security management systems (ISMS). The NIST (National Institute of Standards and Technology) Cybersecurity Framework has a number of publications for guidelines. For example: Special Publication 800-12 provides a broad overview of computer security and control areas. Special Publication 800-14 describes common security principles that are used. Special Publication 800-53 provides information on how to manage IT security.

Cyberattacks

Cybercrime is the greatest threat to every company in the world, and one of the biggest problems facing humanity. The impact on society is reflected in the numbers. In 2016, Cybersecurity Ventures predicted that cybercrime would cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs
