CSIRT SYNETIS: from security audit to incident response

CSIRT SYNETIS :

from security audit to incident response.

- (Cyber)security audit -

The "Covid-19 crisis" has begun, and is unfortunately far from over... Indeed, it has not taken long for attackers to exploit this crisis through specific or targeted phishing campaigns, the emergence of malware(Coronavirusmap, for example) or even large-scale cyberattacks (Marseille town hall and Aix-en-Provence metropolis last weekend by way of illustration).

This unprecedented crisis is therefore a tremendous opportunity for attackers. Last but not least, many organizations have surely had to introduce teleworking in a more or less anarchic way: pro-personal mixing, no use of security solutions, little or no awareness of ISS among teleworkers, permissive workflows, and so on.

The IMS is the set of technical, organizational, legal and human means necessary and put in place to preserve, restore and guarantee the security of the information system. Thus, for any organization's manager, it is important to ensure that employees are aware of the issue and that effective and robust technical measures are in place to avoid any "unpleasant event" that could be economically dramatic in certain cases (loss of customer data, for example).

In these troubled times, it is more than necessary (and in some cases vital) to remain vigilant, but also to be extra vigilant.

CSIRT Synetis, prevention and response

In IT security, the golden rule is never to trust users. On the whole, it's necessary toanticipate in order not to suffer. When it comes to prevention, Synetis can help you carry out one or more security audits. Carrying out security audits enables you to identify your weaknesses (with a view to correcting them or taking them on board), but also to reassure yourself in terms of SSI.

In the field of computer attack response (the parallel with the current health crisis will be obvious), Synetis' incident response experts first identify the "patient zero" system and possibly the attack vector. After this initial work, containment naturally follows, followed by eradication and remediation. Finally, in IT, incident response ends with the restoration and capitalization phases.

To conclude, in the event of a proven compromise, or a cyber-attack suffered or in progress, Synetis' CSIRT activity is able to propose an incident response as quickly as possible to remedy the problem, and then draw up an ad hoc action plan to meet your needs.

See also the article on the benefits of CSIRT : https://www.synetis.com/un-csirt-quel-est-linteret/

Tags : , , , , , , ,
  • Post published:March 20, 2020
  • Author of the publication :

AntoineC

Security Audit Manager