{"id":644,"date":"2021-03-07T12:10:01","date_gmt":"2021-03-07T12:10:01","guid":{"rendered":"http:\/\/www.cyberlaws.org\/?p=644"},"modified":"2021-03-07T12:11:32","modified_gmt":"2021-03-07T12:11:32","slug":"how-to-handle-cyber-security-incidents-in-start-ups","status":"publish","type":"post","link":"https:\/\/www.cyberlaws.org\/how-to-handle-cyber-security-incidents-in-start-ups\/","title":{"rendered":"How to Handle Cyber-Security Incidents in Start-Ups"},"content":{"rendered":"
In the current age where information technology has penetrated in almost every area of our lives, both personal and professional has huge impact of Information technology, in other words our live has been completely dependent on technology. Be it organizational or personal, the amount of data collected and processed by big-companies and start -ups is alarming. Human beings have become so much dependent on technology, be it hardware or software, holdable to wearables to insertable, technology is all but inseparable.<\/p>\n
Be it office or daily household tasks, technology has invaded in every sector and make the work easier and more efficient to perform., however, all the technology gadgets and services have one thing in common, that is data processing. In order to process the data like PII(Personally Identifiable Information),PHI Protected health information about individuals, and critical financial, scientific, confidential\u00a0 data of organizations and countries is\u00a0 extremely lucrative\u00a0 to competitors and cybercriminals, ranging\u00a0 hackers to , script kiddies, the wannabes, elites, activists, crackers, and phreakers to punks ciphers<\/p>\n
For an example you are start-up organization providing information technology services to any government or any other big organization which is processing critical data, then a vulnerability in your system can be a potential risk which could lead to data breach of your client. As per recent trends, at least one new zero-day vulnerability was found each week. As zero-day vulnerabilities are discovered, they just serve as a tool for cybercriminals\/hackers to intensify attacks. Hence by enabling proactive measures such as incident management or cyber crisis management plan can be an effective way to limit or even prevent the propagation of a cyber security attack.<\/p>\n
\n
IMPACTS OF CYBER SECURITY BREACHES IN START-UPS<\/strong><\/p>\n Cybersecurity breaches impacts\u00a0\u00a0 organizations and companies in different ways. Many of which cause serious damage to the organizations and start-ups, if not permanent. Some effects of cyber breaches are:<\/p>\n \u00a0Cyber security breaches or incidents can sustain by opting different kind of strategies. Few of them is setting up preventive measures to avoid a potential attack, and the other being how to respond when a breach or attack occurs as a corrective measure in case of any Zero-day attack. However, both the methodologies require intense monitoring of the information systems.<\/p>\n \n STEPS TO AVOID A POTENTIAL CYBERSECURITY ATTACK<\/strong><\/p>\n Cyber security attacks are of various kinds and natures, and there is an enormous number of resources out there stating how to prepare for the inevitability of a cyber-attack. Cyber risk can come from various points like open ports, unattended laptops, desktops, improper patch management etc and this activity requires involvement of top to lowest level of employees the organisation. There is no perfect methodology or solution available to handle cyber security incidents or attacks in any organisation, however the impact can be minimised if handled properly. Below are the points to strengthen cyber security:<\/p>\n \n A well skilled team for handling cyber security in any organisation is very important. Having the Data Privacy Officer (DPO), Chief Information Security Officer (CISO), and the Chief Information Officer (CIO), etc., with well-defined role are helpful for any organisation<\/p>\n HOW TO RESPOND TO SECURITY BREACHES?<\/strong><\/p>\n \n Create an IRT with skillsets and capable to handle Cyber security incidents. Define roles and responsibilities of each member which may in some cases, take precedence over normal duties. The IRT can be comprised of a variety of departments including Information Technology, Finance Compliance and Human Resources.<\/p>\n \n Your (IRT)Incident Response Team should include your Chief Information Security Officer (CISO), who will lead the team organisation\u2019s security policy direction. In case of start-up Virtual CISO can be a guide.<\/p>\n A impact matrix for incident should be clearly defined for damage assessment and determine the appropriate response. For example, an incident where a computer virus is easily detected and removed and which has not impacted any external or internal parties can be categorised as low and should not be escalated.<\/p>\n \n However, an incident which impacts clients and customers should be escalated to the IRT.<\/p>\n Employees are the first one to observe the cyber security incidents, any kind of incidents including abnormal system behaviour, phishing mails, fraud mails etc shall be immediately escalated to IRT so that timely corrective action can be taken.to mitigate suspicious vulnerabilities and avoid unexpected downtime.<\/p>\n Identify and assign responsibility to one member of the IRT managing communication to affected parties (e.g.\u00a0 government bodies, investors, third party vendors, etc.). Depending on the severity of the incident, the IRT member should inform the affected parties and law enforcement agencies<\/p>\n IRT is responsible for identifying, gathering and analysing both physical and electronic evidence as part of the investigation. These evidences shall be kept securely as a part of artefacts. Lesson learnt should be documented for future.<\/p>\n Technical members of the IRT shall be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences.<\/p>\n Since cyber security is the responsibility of everybody in the organisation the necessary disciplinary action shall be defined for the guilty. An adequate amount of penalty or action shall act as a deterrence and helpful in reducing the cyber-security incidents.<\/p>\n \n Keywords: Cyber-Security, Information Security, Cyber-Security incidents, CISO, Virtual-CISO, hacking, cybercriminal, start-ups,incident-response <\/em><\/strong><\/p>\n \n \n","protected":false},"excerpt":{"rendered":" HOW to HANDLE CYBER-SECURITY INCIDENTS in Start-Ups In the current age where information technology has penetrated in almost every area of our lives, both personal and professional… <\/p>\n","protected":false},"author":1,"featured_media":645,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"1234","meta":[],"categories":[151,4,124],"tags":[74,8,152,153,18,154,14,150,141],"_links":{"self":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/644"}],"collection":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/comments?post=644"}],"version-history":[{"count":2,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/644\/revisions"}],"predecessor-version":[{"id":647,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/644\/revisions\/647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/media\/645"}],"wp:attachment":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/media?parent=644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/categories?post=644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/tags?post=644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n
\n
\n
\n
\n