Security breach is a serious attack not only on the business but to the clients as well, as it puts them into a compromised state.
Companies are expected to have an organized disaster recovery (DR) plan, which they can pull up in the event of a security breach. Upon the discovery of an attack, a disaster recovery plan must be set into motion as soon as possible.
Disaster recovery from a security breach is not different from a forensics investigation, as forensics is essentially a crucial part of disaster recovery. The company’s forensics team must be present on-site as soon as the breach was discovered to limit the damage, preserve the evidence before they are destroyed or compromised, perform an IT audit to collect data about the attack, and analyze data and evidence gathered.
Results from their analysis will be processed by the security team to perform the necessary remediation actions towards recovery, and pass on to law enforcement agencies who’ll be responsible for further investigating those who are presumed to be involved in the attack.
Sounds like an episode of CSI: Cyber, isn’t it? In case you haven’t heard about it yet, Cyber is the fourth installment in the famed CSI series that was inspired by the advanced technological work of a real-life Cyber Psychologist, Mary Aiken. This American suspense and drama series oversimplifies cases, but there are some lessons that you can learn from it.
IT Security Lessons from CSI
So, why not make the most out of watching your favorite cybercrime-busting TV show? Instead of being paranoid and fearful as to what degree a crime in each episode may be true, let’s put those IT security lessons from CSI to good use.
Be wary of unregulated ridesharing services
Many commuters have embraced the convenience of ridesharing services in their daily life.
It definitely is comfortable to have your ride in a matter of minutes with just a few clicks from your smartphone. It’s way better than standing outside for how long hailing a few more cabs before finally getting one that would take you to your destination.
The downside, however, is that there are ridesharing services that are out on the streets but have yet to be regulated by the government. Drivers may obtain their permit to operate from the franchise without going through stringent government regulations.
The driver en route your pick-up point may have a pending criminal case and is on the prowl for his next victim. Take the cue from Episode 3: Killer En Route.
Assign a strong password for your Wi-Fi
Make it a habit to change your Wi-Fi password on a regular basis and refrain from using keywords that are easy to guess.
Avery stressed its importance to two arson victims in Episode 4 and said that “It’s as important as the lock in your front door.” A strong password will not only deter intrusions but will also protect everyone around you, particularly, the ones whom you are sharing your Wi-Fi connection with.
Continuous monitoring of security system
In Episode 5: Hack E.R., a Dallas hospital was not spared by a mad hacker who took control of all networked medical devices and threatened to kill one patient every hour if his demands are not met.
The Cyber team had to figure out who the hacker is and how an intruder infiltrated an airtight security system. This episode sends a clear message to businesses that no matter how sophisticated and robust they may think their network security is, a designated IT security analyst must perform constant monitoring and periodic penetration testing in their system.
No personal emails at work
Most employees are guilty of using their office email for their personal transactions and private conversations with family and friends.
Unknowingly, the links that you receive through those emails have the potential to spread a virus or unleash a malware that can harm the network that you’re connected to. It’s a bad habit that has got to stop.
So, quit opening your personal inbox at work and use your office email strictly for the business.
Opt for low-tech appliances and accessories
In Episode 4: Fire Code, high-tech arsonists were able to orchestrate fires by manipulating printers and coffeemakers remotely.
Sometimes, it’s better to stick to simple things rather than upgrade to appliances and accessories that are Wi-Fi-enabled. We don’t need Wi-Fi for everything, anyway. We’re safer that way.
Watch out for that camera
CSI has taught us a lot about CCTV cameras. It captures everything within its radius. The videos taken are for purposes of security monitoring, but there are times when hackers infiltrate the system, download the videos, and use them with malicious intent.
Resist the lure of dating apps
Singles think that going through dating apps to find their true match is the way to go.
In Episode 2: Heart Me, the perils of using a dating app on your smartphone can cost you your whole life. Witness how Raven’s friend was robbed, fired, evicted, and accused of murder when a man whom she met through the app hacked all of her accounts.
Remember that each time you download an app in your smartphone, you grant permissions for it to access your personal data. Scrutinize each app and spare yourself the agony of being hacked.
Do away with the hacker stereotype
In Episode 11: Ghost in the Machine, the Cyber team tracked down a killer who hacked into popular online games to trick users to deliver illegal weapons, which he had purchased through the deep web.
Suspects don’t look like the stereotyped hackers—the kind who wears hoodies all the time and have swollen eye bags, as hackers can be anyone who is skilled enough to code and bold enough to break into a secured network.
IT networks of all businesses, regardless of size, must always be secured, and that audits and vulnerability assessment must be implemented on a regular basis.
Hacking is not a split-second act
TV shows having the theme of crime scene investigations make hacking look like a split-second act that can be executed on impulse. In reality, it’s not.
Hackers take time to penetrate the system, learn how to manipulate it, and wait for the opportune time for when they can launch an attack. Planning and preparation for a security breach could take weeks or even stretch into months.
Not all hackers are bad
Raven and Brody were black hat hackers in their previous life before Avery recruited them to “hack-for-good” and be part of the team.
Now, not all companies are keen in hiring ex-hackers, as they believe that doing so will increase the risk of security breach. On the other hand, some organizations has considered taking in a reformed hacker to help their IT security team to perform stringent security measures in the network and detect anomalous activity faster, as they were used to playing in the offensive.
Deb Shinder gave a better explanation of the good, the bad, and the ugly of hiring hackers in her article at TechRepublic.
When it comes to working with a security breach, businesses and individuals need to learn everything they can about IT security, hacking, and disaster recovery.
The wealth of information is not confined to websites, white papers, and online community groups. They can learn a thing or two in a few TV shows as real life situations usually inspire the plot in each episode.