
Search Results for: Incident Response

Protecting the company brand

Protecting the company brand: Incident Response Evolution and Current Challenges Part 2

To read Part 1 of the article, please click here

Modern cybersecurity evolution

Compared with just a decade or so ago, the cybersecurity landscape has evolved as threats have become more sophisticated. Not only organizations but more and more individual devices are connected to the internet. While beneficial technological progress has been happening, attacks have also evolved, as illustrated in the following diagram.


Evolution of attacks

Considering the past couple of decades since 2000, Script Kiddies were initially the main culprits, and their main motivation was “mischief.” Script kiddies are unskilled persons who carry out attacks using attack scripts developed by other people. They were a significant threat in the early and mid-2000s due to the increased access to personal computing, the low level of security capabilities in early computers, and the availability of scripts written by expert hackers.

In comparison, today we see that Organized Crime is getting more and more sophisticated and its Fraud and Theft capabilities are increasing. A good example of the damage more organized attacks can inflict is the 2017 WannaCry ransomware attack, which exploited a zero-day vulnerability in Microsoft Windows and affected 150 countries, extorting victims for decryption keys. While in the 2000s a single script could’ve been used by multiple script kiddies until it became widely known or obsolete due to patches, currently attackers can use zero-day vulnerabilities to attack systems while there are no known defenses.

The activities of Nations and Terror Groups can cause serious financial damage, as well as a negative brand reputation for affected organizations. Nation-state attackers are usually sponsored by governments and they target other government agencies or critical infrastructure as well as any key industries known to contain sensitive data or intellectual property. Nation-state attackers are well known to strike via sophisticated techniques, one of the most well-known attacks being the Stuxnet attack on an Iranian nuclear plant.

It’s really important to understand the attackers and think like them to be able to create a proper IR plan. As the famous general Sun Tzu said in his book The Art of War: to win a war, we need to know the enemy, ourselves, and the attack ground. To learn more about possible attackers, it is highly recommended to read intelligence reports from security vendors such as Microsoft or Comodo, or from providers like Verizon, which can give a more detailed perspective on the current security landscape. Verizon Data Breach Report 2019 is based on a detailed analysis of 41,686 security incidents, including 2,013 confirmed data breaches. Some statistics of who was behind the recorded cyber-attacks are as follows:

  • 69% involved outside actors
  • 34% involved internal actors
  • 2% involved partners
  • 5% featured multiple parties
  • 39% of breaches involved organized criminal groups
  • 23% involved nation-state or state-affiliated actors

When we look at the threat actors’ actions, we see the following trends:

  • 52% of breaches involved hacking
  • 33% included social attacks
  • 28% involved malware
  • 21% of breaches involved human error
  • 15% involved misuse by authorized users
  • 4% of breaches involved physical actions

The report also highlights that the victims were:

  • 16% public sector entities
  • 15% healthcare organizations
  • 10% financial organizations
  • 43% small businesses

As you can see from the preceding figures, the increase in technology has resulted in an increase in attacks exploiting this progress. To be able to deal with these complex attacks, which can affect organizations of any size, it’s important to develop capable IR teams (you can find more about this in my book Incident Response in the Age of Cloud, Chapter 3, How to Organize an Incident Response Team).

Furthermore, to combat this evolution of attacks, enforced structured change in IR has been, and continues to be, necessary in conjunction with the evolution of the threat landscape. It’s important to highlight that the threat landscape will continue to evolve, but the basics of IR will develop around the same framework: identify, contain, eradicate, and recover. IR processes have evolved in some ways, though. In the past, cybersecurity professionals were often seen as security guards at the gate, responsible for protecting corporate data and preventing cyber-criminals from gaining access to enterprise systems. This largely involved maintaining a “perimeter defense” and dealing with attacks as they came.

However, enterprises in recent years have started to use cloud services and bring-your-own-mobile-device policies, which operate outside the corporate network. This has shattered the perimeter defense concept and forced the security team to spend most of its time searching for threats that have already penetrated the organizational walls.

Thus, today, when confronted with a breach, as well as taking a more proactive approach (more on this in Chapter 3, How to Organize an Incident Response Team), more and more enterprises are aware of the importance of Digital Forensics and Incident Response (DFIR) strategies. These specialist investigation techniques are used to hunt more effectively for sophisticated malicious entities hiding in the infrastructure, as well as providing the right tools to detect and remediate compromises as soon as possible.

Despite some progress in this area, the following statistics from IBM show us why we need to continue to invest in and evolve our IR processes; the cost of a breach, on average, is astronomical, as shown by IBM’s analysis in Figure 2.2. Please keep in mind that 2020 was a more extraordinary year, where organizations needed to deal with the COVID-19 pandemic alongside normal security protocols:


Figure 2.2: IBM cost of data breach statistics

Now, you can review the IBM statistics in the following figure, and compare them to the costs detailed in the breach report in Figure 2.2:


Clearly, by investing in this book and learning IR, you are on the right path for yourself and your organization.

As you have learned by now, due to the continued evolution of attackers’ techniques and methods, it is no longer a question of whether you will experience an incident, but rather when. Moving forward, readers are encouraged to communicate this to senior management since IR requires approval and input from every business unit. In the next section, we’ll take a look at how IR imposes some challenges on the teams tasked with the process.

Challenges facing incident response

IR is a fairly challenging process, and IR teams meet a fair share of challenges when carrying it out. Every organization is susceptible to attacks, yet it is upon IR teams to ensure the protection of the organization, its healthy reputation, and customer trust, and moreover ensure that a similar threat will not reoccur in the future.

When a security incident occurs, confusion might hit organizations, especially if they have never handled similar security events before. An informed IR plan guides organizations, regardless of prior experiences, on how to handle each aspect of an incident. IR also mitigates the effects of a security event, to ensure minimal damage and fast recovery of key business processes. Therefore, depending on the stage of an attack or intrusion, the IR plan will detail the steps that must be taken to ensure the best outcomes for the organization. Without this guiding tool, the organization would find it hard to systematically contain any security event.

However, there are still many issues that arise in the wake of an attack that an IR team will need to effectively counter. The following section will detail some of the main challenges facing IR teams. We’ll start by considering the importance of protecting the company brand.

Protecting the company brand

One major challenge facing IR teams is protecting their organization’s brand, as IT security is closely tied to the reputation and valuation of an organization. As observed in recent breaches, poorly handled security incidents hurt the brands of the affected companies. For instance, Yahoo’s valuation dropped by 350 million US dollars after a hack in 2017 that was reported to have affected one billion users. Similarly, a report by Kacy Zurkus indicated that the common aftermath of security breaches in organizations is a decrease in stock price.

Zurkus’ article can be accessed here: https://www.infosecurity-magazine.com/news/companies-stock-value-dropped-1/.

Zurkus estimated the average drop of stock value to be 7.5%. However, security incidents, if correctly handled, might not have such a dramatic effect on the brand of the company. Due to effective incident management, Sergei Klebnikov reports that big-name companies that have been victims of security breaches mostly recover and outperform the market in as little as six months after the breach.

Klebnikov’s article can be accessed here: https://www.forbes.com/sites/sergeiklebnikov/2019/11/06/companies-with-security-fails-dont-see-their-stocks-drop-as-much-according-to-report/#29da9aed62e0.

Examples of post-incident activities in such companies might include more optimized customer relationship management, to ensure that the existing clientele is retained and new customers are strategically acquired. Thus, IR faces a crucial challenge in providing ways that the organization can prevent negative publicity as a result of cyber-attacks, and thereby maintain or increase its market share.

As you can see in Figure 2.4, many well-known corporations have experienced cyber incidents or been hacked:


Figure 2.4: Organizations that have fallen victim to cybercrime

As goes the popular phrase:

“There are two types of organizations: the ones that know they’ve been hacked and the ones that don’t.”

To continue reading the article, please browse to Part 3. In Part 3 we will cover the following topics:

  • Preventing future breaches
  • Preparing for attacks
  • Developing cyber resilience
  • Assessing security safeguards
  • Aiding investigations and legal prosecutions
  • Bringing the organization together during crises
  • Ensuring the integration of security initiatives
  • Improving the overall security stature of the organization
  • Why do we need incident response?
  • Tips


Incident Response

Incident Response Evolution and Current Challenges Part 1

Incident Response Evolution and Current Challenges

Incident Response (IR) is the approach used to manage security incidents in order to reduce the damage to an organization and improve the recovery of affected services or functionalities. IR activities follow a plan, which is the set of directions that outline the response procedures and the roles of different team members. IR has become a necessity for organizations facing rising threat levels, and this chapter discusses its importance.

With the focus of this article being the evolution and then the challenges of IR, we’ll begin by looking at how IR has evolved with threats and advancements in technology. We’ll then look at the challenges that IR teams face today, especially with the tasks of assessing current levels of security in the organization, anticipating and protecting systems from future threats, being involved in legal processes relating to cyber-attacks, uniting the organization during crises, and integrating all security initiatives. We’ll cover the following main topics:

  • The evolution of incident response
  • Challenges facing incident response
  • Why do we need incident response?

We’ll begin by exploring some recent history, and how IR has evolved over time.

The cybersecurity threat landscape

With the prevalence of 24-hour connectivity and modern advancements in technology, threats are evolving rapidly to exploit different aspects of these technologies. Any device is vulnerable to attack, and with the Internet of Things (IoT) this became a reality. The IoT has seen increased usage of digital communication and the increased transfer of data via digital platforms increases the risk of data interception by malicious individuals. Pervasive surveillance through digital devices is also a recent threat with the increased use of smartphones. Governments can now engage in digital surveillance of their citizenry with the excuse of providing security against potential terrorist threats. Criminals can also do similar tasks to the detriment of the targeted victims. In 2014, ESET, an internet security company, reported 73,000 unprotected security cameras with default passwords.

Understanding the attack surface

In very simple terms, the attack surface is the collection of all potential vulnerabilities that, if exploited, can allow unauthorized access to the system, data, or network. These vulnerabilities are often also called attack vectors, and they can span from software to hardware, to a network, and to users (which is the human factor). The risk of being attacked or compromised is directly proportional to the extent of attack surface exposure. The higher the number of attack vectors, the larger the attack surface, and the higher the risk of compromise.

To give you a sense of the extent of an attack surface and its exposure, let’s look into MITRE’s Common Vulnerabilities and Exposures (CVE) database, here: https://cve.mitre.org/cve/. The database provides a list of cybersecurity vulnerabilities that have been targeted in the past, to make organizations aware of them should they use the same software or hardware systems. It has 108,915 CVE entries at the time of writing, which have been identified over the past few decades. Certainly, many of these have been fixed, but some may still exist. This huge number indicates how big the risk of exposure is.

Any software that is running on a system can potentially be exploited using vulnerabilities in the software, either remotely or locally. This applies particularly to software that is web-facing, as it is more exposed, and the attack surface is much larger. Often, these vulnerable applications and software can lead to the compromise of the entire network, posing a risk to the data it is managing. Furthermore, there is another risk that these applications or software are often exposed to: insider threat, where any authenticated user can gain access to data that is unprotected due to badly implemented access controls.

An attack surface may be exposed to network attacks that can be categorized as either passive or active, depending on the nature of the attack. These can force network services to collapse, making services temporarily unavailable, allow unauthorized access to the data flowing through the network, and other negative business impacts.

In the event of a passive attack, the network might be monitored by the adversary to capture passwords, or to capture sensitive information. During a passive attack, an attacker can leverage the network traffic to intercept communications between sensitive systems and steal information. This can be done without the user even knowing about it. Alternatively, during an active attack, the adversary will try to bypass the protection systems using malware or other forms of network-based vulnerabilities to break into the network assets; active attacks can lead to the exposure of data and sensitive files. Active attacks can also lead to Denial-of-Service (DoS) type attacks. Some common types of attack vectors are:

  • Social engineering scams
  • Drive-by downloads
  • Malicious URLs and scripts
  • Browser-based attacks
  • Attacks on the supply chain (which are becoming increasingly common)
  • Network-based attack vectors

Verizon data breach report

To find out more about this topic, I would highly recommend that you download and read Verizon data breach reports: https://enterprise.verizon.com/resources/reports/dbir/.

According to the Verizon breach report, hackers’ tactics and motives have not changed much over the last 5 years, with 63% of breaches launched for financial gain, and 52% of breaches featuring hacking. Ransomware attacks account for nearly 24% of attacks involving malware, and breaches continue to take a long time to be detected, with 56% taking several months or longer to be discovered. And typically, by the time the breach has been discovered, the damage has already been done.

The Verizon data breach report should catch your attention in three areas. Knowledge of these areas will help you to build a better IR plan, which we will cover later in this book:

1. Misconfigurations are the fastest-growing risk that you need to address
2. Vulnerabilities are more often than not patched too slowly, leading to breaches
3. Attacks against web applications are now the fastest-growing category

To combat the many threats facing an organization’s attack surface, modern IT security defense should be a layered system: a single-layer approach to security is simply not enough anymore. In the event of a network breach, the victim individual or organization can sustain huge damage, including financial and operational implications, and loss of trust. In the recent past, the number of breaches has increased for various reasons. The attack vectors for these breaches could be many, such as viruses, Trojans, custom malware for targeted attacks, zero-day-based attacks, or even insider threats.

With every passing day, the network of connected devices is increasing, and, as connectivity continues to grow, the risk of exposure is also increasing. Furthermore, it no longer depends on how big or small a business is. In today’s cyberspace, it is hard to establish whether any network or application is prone to attacks, but it has become extremely important to have a sustainable, dependable, and efficient network system, as well as applications. Properly configured systems and applications will help reduce the risk of attack, but we might never be able to eliminate the risk of attack completely. However, this book will attempt to relay insight into the world of cybersecurity, highlight the dangers that digital networks and technology pose to individuals and companies, and provide guidelines on how to better prepare for such threats.

Now, having established the cybersecurity landscape and the relevance of the attack surface, let’s move on to a key element of this book: what is incident response?

What follows is a relevant excerpt, which indicates the various factors that shape an organization’s attack surface:

The evolution of incident response

The general notion regarding the origin of hacking is that it started in the 1960s, around the time of the invention of modern computers and operating systems. To disprove this notion, let’s next briefly explore the history of data breaches, to develop an idea of the context behind the modern attack environment.

The history of data breaches

Data interception associated with hacking activities goes as far back as 1836, when two persons were caught intercepting data transmissions in a criminal manner.

During the last decade of the 1700s, France implemented a national data network, which was one of a kind at the time, to transfer data between Paris and Bordeaux. It was built on top of a mechanical telegraph system, which was a network of physical towers. Each tower was equipped with a unique system of movable arms. The tower operators would use different combinations of these arms to form numbers and characters that could be read from a similar distant tower using a telescope. This combination of numbers and characters was relayed from tower to tower until it reached the other city. As a result, the government achieved a much more efficient, speedier mechanism of transferring data.

Interestingly, all this happened in the open. Even though the combinations were encrypted and would’ve required an experienced telegraph operator to decode the message at the far end to bring up the original message, the risks were just around the corner. This operation was observed by two bankers, Francois and Joseph Blanc. They used to trade government bonds at the exchange in Bordeaux, and it was they who figured out a method to poison the data transfer and obtain an indicator of current market status, by bribing the telegraph operators. Usually, it took several days before the information related to bond performance reached Bordeaux by mail. Now, they had an advantage to get that same information well before the exchange in Bordeaux received it.

In a normal transmission, the operator included a backspace symbol to indicate to the other operator that they needed to avoid the previous character and consider it a mistake. The bankers paid one of the operators to include a deliberate mistake with a predefined character, to indicate the previous day’s exchange performance, so that they could assume the market movement and plan to buy or sell bonds. This additional character did not affect the original message sent by the government, because it was indicated to be ignored by the receiving telegraph operator. But this extra character would be observed by another former telegraph operator who was paid by the bankers to decode it by observing through a telescope.

Using this unique information related to market movement, the Blanc brothers had an advantage over the market for two years, until they were caught in 1836. The modern equivalent of this attack would perhaps be data poisoning, a man-in-the-middle attack, misuse of a network, or social engineering. However, the striking similarity is that these attacks often go unnoticed for days or years before they get caught. Unfortunately, the Blanc brothers could not be convicted as there were no laws under which they could be prosecuted at that time. Maybe the Blanc brothers’ hack was not so innovative compared to today’s cyber-attacks, but it does indicate that data has always been at risk. And, with the digitization of data in all shapes and forms, operations, and transport mechanisms (networks), the attack surface is huge now. It is now the responsibility of organizations and individuals to keep the data, network, and computer infrastructure safe.

Let’s fast-forward another 150 years, to 1988. This is when the world witnessed the first-ever computer virus—the Morris worm. Even though the creator of the worm, Robert Tappan Morris, denied the allegation that it was intended to cause harm to computers, it did, indeed, affect millions of them. With the intention of measuring the vastness of the cyber world, Morris wrote an experimental program that was self-replicating and hopped from one computer to another on its own.

It was injected into the internet by Morris, but, to his surprise, this so-called worm spread at a much faster rate than he would have imagined. Within the next 24 hours, at least 10% of internet-connected machines were affected. This was then targeted to the Advanced Research Projects Agency Network (ARPANET), and some reports suggested that the number of connected computers at the time was around 60,000. The worm exploited a flaw in the Unix email program Sendmail, and a bug in the finger daemon (fingerd). Morris’ worm infected many sites, including universities, military organizations, and other research facilities. It took a team of programmers from various US universities working non-stop for hours to reach a solution. It took a few more days still to get back to a normal state. A few years later, in 1990, Morris was convicted by the court for violating the Computer Fraud and Abuse Act; unlike at the time of the Blanc brothers, when there was no law to prosecute, Morris was criminally liable.

Moving forward another two decades to 2010, when the world saw what it never imagined could happen in Stuxnet: an extremely coordinated effort to create a specifically crafted piece of software, which was purpose-built to target the Iranian nuclear facility. It targeted Industrial Control Systems (ICSes). This was designed only to target a specific brand and make of Siemens ICS, which manages the speed of centrifuges in a nuclear facility. It is presumed that it was designed to deliver onsite because the Iranian facility that it was targeting was air-gapped.

This was one-of-a-kind industrial cyber sabotage. The malware was purpose-built so that it would never leave the facility of the nuclear plant. However, somehow (there is still speculation as to how), it still made its way out to the internet. It took researchers many months after its discovery to figure out the working principle of the malware. It’s speculated that it took at least a few years to develop it to a fully functional working model. Since Stuxnet, we have witnessed many similar attack patterns in the form of Duqu and Flame, and it’s believed by some experts in this field that malware similar to these are still active.

Currently, we are seeing new variants of attack with new modus operandi. Their intent is to earn money by using ransomware or to steal data in order to sell or destroy it. Ransomware attackers use computer viruses to infect a computer, encrypting and locking information in the computer. They then ask for a ransom from the owners to regain access to their computers. Alternatively, attackers might use victims’ infrastructure to run crypto miner malware to mine cryptocurrencies.

Today, security has taken center stage, not only because the attack surface has increased for each entity, or the number of successful high-profile and mass attacks is more normalized, but because of the fact that each one of us knows that the need to secure data is paramount, irrespective of whether you are a target or not.

To read the rest, please go to Article 2, here.

Article 2 will cover:

  • Modern cybersecurity evolution
  • Challenges facing incident response
  • Protecting the company brand
  • Preventing future breaches
  • Preparing for attacks
  • Developing cyber resilience


Incident Response in the Age of Cloud

Anyone can be hacked. It is just a matter of time. Even the right technology, e.g. the best firewall or anti-virus application, can fall short of protecting your system against cyber-attacks since cybercriminals are always in search of new methods and ways to infiltrate into systems. Responding to an incident quickly will help an organization to minimize its losses, decrease vulnerabilities, rebuild services and processes. Therefore, at this very moment, it is significant to know the best practices to respond to a successful cyber-attack.

Organizations should have skilled employees and sophisticated tools to identify the threats or to respond to and eliminate them. Without knowing the best practices of an incident response process, the organization will be an easy target for cybercriminals and be vulnerable to a cyber-attack.

This book will be a guideline for organizations on how to address and manage the aftermath of a cyber-attack, and how to control the cybersecurity breach in a way that decreases damage, recovery time and costs.

Cybercriminals are always in search of new methods to infiltrate systems. Quickly responding to an incident will help organizations minimize losses, decrease vulnerabilities, and rebuild services and processes.

In the wake of the COVID-19 pandemic, with most organizations gravitating towards remote working and cloud computing, this book uses frameworks such as MITRE ATT&CK® and the SANS IR model to assess security risks.

The book begins by introducing you to the cybersecurity landscape and explaining why IR matters. You will understand the evolution of IR, current challenges, key metrics, and the composition of an IR team, along with an array of methods and tools used in an effective IR process. You will then learn how to apply these strategies, with discussions on incident alerting, handling, investigation, recovery, and reporting.

Further, you will cover governing IR on multiple platforms and sharing cyber threat intelligence and the procedures involved in IR in the cloud. Finally, the book concludes with an “Ask the Experts” chapter wherein industry experts have provided their perspective on diverse topics in the IR sphere.

Incident Response in the Age of Cloud by Dr Erdal Ozkaya

By the end of this book, you should become proficient at building and applying IR strategies pre-emptively and confidently.


The experts who have contributed to the book: see the full list here.



Incident response with Microsoft Azure

Incident response with Microsoft Azure – Superior Guide to IR

Incident response in the cloud

As we’ve already learned, an incident is a service disruption that impacts your customers and end users, regardless of where this is—be it a mobile device or the cloud! We’ve also learned that incidents can come in many different forms, ranging from performance slowdowns to system crashes or difficulties reaching your […]

Incident Response in the age of cloud

Incident Response In The Age Of Cloud – 2021

Anyone can be hacked. It is just a matter of time. Even the right technology, e.g. the best firewall or anti-virus application, can fall short of protecting your system against cyber-attacks since cybercriminals are always in search of new methods and ways to infiltrate systems. Responding to an incident quickly will help an […]

Experts of Incident Response Age Cloud

Experts of Incident Response Age Cloud < 3

Experts of Incident Response Age Cloud Book

As most of you are already aware, later this year I will release a brand new book called “Incident Response in the Age of Cloud”, and, like in many of my books, I dedicate the last chapter to some world-famous experts.

In this book I will have:

Orin Thomas (Microsoft)

Orin has written more than 40 books for Microsoft Press. He has also authored video-based training for Pluralsight and instructor-led training for Microsoft Learning on datacenter and cloud topics. In his spare time, he is completing postgraduate research at Charles Sturt University focused on cloud security compliance accreditations.

Tyler Wrightson (Leet Cyber Security)

Tyler Wrightson is an author, speaker, teacher, instructor and a fanatic for anything security-related. Tyler is also a huge fan of speaking in the third person and doesn’t find it creepy or narcissistic in the least.

Mark Simos (Microsoft)

Mark is Lead Architect in Microsoft’s Enterprise Cybersecurity Group, where he focuses on cybersecurity guidance to help customers manage cybersecurity threats with Microsoft technology and solutions. Mark has contributed to a significant amount of Microsoft cybersecurity guidance, most of which can be found on Mark’s List (check my previous post).

Brian Svidergol (Capital Group)

Brian Svidergol specializes in Microsoft infrastructure and cloud-based solutions around Windows, Active Directory, Microsoft Exchange, System Center, and Microsoft Azure. He holds the Microsoft Certified Trainer (MCT) and Microsoft Certified Solutions Expert (Cloud Platform and Infrastructure) and several other Microsoft and industry certifications. Brian has authored several books related to infrastructure and cloud technologies. When he isn’t working on technology projects, he enjoys family time, basketball, and gaming.

Grzegorz Tworek (Standard Chartered Bank)

Grzegorz likes to share his knowledge with other people, which results in publishing books and articles, active participation in scientific conferences, or just telling others what he thinks about IT. He is obsessed with security and likes to travel a lot.

Hala ElGhawi (Standard Chartered Bank)

Hala has more than 13 years of experience in the banking industry and is passionate about risk management, controls, information security, technology, business continuity management, and IT governance. She holds a Master’s degree in Quality Management and a BSc in Management Information Systems, and is certified in PMP (Project Management Professional), ISO 27001 Lead Implementer, COBIT Foundation and COBIT Implementation, in addition to holding a diploma in Risk Management.

Emre Tinaztepe (Binalyze)

Emre is a cyber security expert who has been in the InfoSec field for more than 14 years. He specializes in reverse engineering, malware analysis, driver development, and software engineering. Emre is the founder of Binalyze LLC (www.binalyze.com), which develops next-generation incident-response solutions.

Ozan Veranyurt (Sony)

Ozan focuses on cyber security and artificial intelligence, with a background in computer engineering and IT and security project management. He researches different uses of AI in the field of security academically. Currently he works as a Global Security Program & Project Manager.

Raif Sarica (DIFOSE)

After spending more than 23 years in the Turkish Military, Raif recently joined DIFOSE as CIO. DIFOSE stands for Digital Forensic Services, which provides a superior level of investigative, consulting, and training services.

Sukru Durmaz (DIFOSE)

Şükrü is one of the leading experts in the field of cybercrime investigations on a global scale. He is an award-winning speaker and technical expert at worldwide conferences organized by INTERPOL, EUROPOL, FIEP, NATO, and OSCE.

Ahmed Nabil (Standard Chartered Bank)

Ahmed is an industry expert in information security and digital transformation, a public speaker at several international conferences, and an author. Ahmed was awarded by Microsoft as Most Valuable Professional as well as Regional Director. Besides Microsoft, he has several awards from EC-Council and magazines.

George Balafoutis (Microsoft)

An expert in cybersecurity, George Balafoutis works for Microsoft’s Global Cybersecurity Practice as a Cybersecurity Architect. He leads the company’s Worldwide Cybersecurity Champion program.

George holds an MBA from The University of Chicago Booth School of Business, MSc in Computer Science from Northern Illinois University, and BSc in Mathematics from the National University of Athens.

He also holds the cybersecurity industry’s main certifications – GCIH, CRISC, CISM, CISSP, and GAWN among others.

There is not much longer to go 🙂

Coming soon

Cyber incident response by Erdal

Incident Response in the Age of Cloud

Incident Response in the Age of Cloud by Dr Erdal Ozkaya

And here is the “planned” cover of my new book; I hope you will like it as much as I did.

The book is planned to be published in August 2020, and as usual I will have an Ask The Expert section with really big names from the industry: some work for the Microsoft DART team, some have been in the industry for more than 15 years, and some of the experts have published many books. Please give me a bit more time before I announce their names…

Cryptolocker and Incident Response – Free Webinar 3/6/21 :

Cryptolocker and Incident Response

This webinar will be hosted by Turkey’s biggest IT community, Cozum Park, in Turkish.

Anatomy of an Attack: Cryptolocker

Recently, the ones who rejoiced most at the obligation to work from home and remotely because of the COVID-19 pandemic were, without a doubt, cyber attackers. Cyber criminals attacking in particular SMEs that had not taken the necessary and sufficient cyber security measures first infiltrated the systems and then rendered all the data in those systems inaccessible. They then demanded astronomical ransoms in Bitcoin.

In the incident responses we handled, we traced the attackers and identified and revealed, one by one, how they planned these attacks and how they carried them through to the end. What should we pay attention to in order not to become victims of these attacks? What kind of precautions should we take? As experts on the subject, we will share all the details with you at this event.

EVENT DATE AND TIME

03.06.2020 14:00 – 03.06.2020 15:00

EVENT LOCATION

Online / Istanbul / Turkey

FOR INFORMATION ABOUT THE EVENT

Phone

08508001484

Twitter Hashtag

#cozumparkwebcast

For more events:

https://www.erdalozkaya.com/category/free-events/
