Cyber criminals will try to take advantage of unprepared organizations and claim they have infiltrated their systems when they have not. Here is how to validate and respond to false breach claims.
Credit: Andrey_Popov / Shutterstock
With cyberattacks continually rising, cyber criminals will take advantage of current events or previous breaches and claim they have infiltrated a business when they have not. Organizations should plan for false breach claims and must be ready to follow the necessary steps to confirm whether there has been an attack while keeping to regulatory obligations.
In August, Australia's local domain name registrar, auDA was forced to correct the record after cyber criminals claimed to have accessed its data. auDA alerted relevant authorities and made public statements, at the same time it conducted investigations which found no evidence criminals had accessed its systems or data.
auDA took the right steps in taking the claim seriously, but can organizations prepare for this kind of incident and even use it as a learning experience?
As a seasoned incident investigator, Christopher Pogue, US director of digital forensics and incident response at CyberCX, has spent thousands of hours helping organizations make sound, timely decisions in these situations. His advice: Take action immediately. Assume the worst, while hoping for the best. Answering the board, the SEC and regulators afterwards, CIOS need to be able to say they followed the procedure and it...
A new study published in PLOS One sheds light on how people respond to health-related disinformation on social media. The research suggests that people who enjoy thinking critically and analytical...