Cybersecurity Assessment & Incident Response Case Study

Articles

Cybersecurity Assessment & Incident Response Case Study

Author photo
by Damon Hacker
Vestige Digital Investigations, President, CEO and Founder
MBA, CISA, CSXF, CMMC-RP

The recent Ohio Information Security Conference (OISC) in Dayton featured the latest best practices and approaches to cybersecurity. While it’s helpful to learn about the latest approaches to Cybersecurity, it’s even more important to understand actual, real-world applications.

The partnership between Vestige Digital Investigations and Secure Cyber Defense has yielded a number of successful Cybersecurity Assessments and development of corporation-wide Incident Response Plans to investigate and contain data breaches.

As an attendee of OISC, Secure Cyber Defense and Vestige Digital Investigations would like to share a recent case study featuring a medical practice dealing with a curious array of system-wide anomalies created by a number of hacking incidents.

Read the Case Study below and contact Vestige Digital Investigations and Secure Cyber Defense to bring your company a solid, proactive approach to securing your IT environment. As a team, we ensure that when the inevitable happens, your company is positioned for success!

Damon Hacker, MBA, CCE, CISA, CSXF
President & CEO, Vestige Digital Investigations

  Follow Vestige on Linkedin

CASE STUDY

Cybersecurity Assessment & Incident Response

The following case study highlights a matter for which Secure Cyber Defense and Vestige Digital Investigations were retained for Cybersecurity Assessment and Incident Response services respectively. This is a real matter that we have worked together, but the client information has been sanitized for privacy and confidentiality purposes.

Scenario

Secure Cyber Defense was hired by a medical practice to perform a Cybersecurity Assessment. During the assessment they discovered the client had some liberal firewall settings. These were pointed out along with recommendations for remediation at the completion of the audit. However, the client did not fully comply with the suggestions.

The Incident

Fast forward several months. One of the client’s users noticed some odd behavior on her computer, including errant mouse movements and things not arranged the way she had left them.

The client noticed and reported the anomalies relatively quickly to their I.T. company first, who called Secure Cyber Defense. Seeing the nature of the situation, Secure Cyber Defense contacted one of their Premier Partners, Vestige Digital Investigations, Experts in Incident Response and Digital Forensics.

Vestige worked hand-in-hand with Secure Cyber Defense to pull appropriate logs. Then Vestige preserved the memory and hard drives of the device, and performed a comprehensive Incident Response Analysis.

Findings & Results

Through conducting our cyber security incident response, Vestige found evidence of three attempts at hacking into a particular end-user’s computer from Nigeria. The attacker used the built-in remote desktop feature to gain virtual access to one of the client’s computers. This occurred because of the aforementioned firewall exceptions were not corrected by the client.

Vestige also uncovered that the client was not preserving or managing their log files properly and were using manufacturer default settings. As a result, Vestige had to rely much more heavily on other artifacts and circumstantial evidence. This created a slight delay and increased analysis cost for the client. But, in the end, based on the digital evidence found, Vestige was able to prove that no data was exfiltrated from the client’s system.

Unfortunately, the client did not have proper log management and providers in place to capture the all appropriate digital artifacts. Fortunately, because they acted quickly and called the right resource, Secure Cyber Defense whom they had a pre-established relationship with, Secure Cyber was then able to recommend Vestige’s data breach cybersecurity services. The two company’s combined their unique talents to answer the critical questions of why their system was hacked, where it was being hacked from, and whether their data had been stolen or not.

Lessons Learned

  • Every organization regardless of size and the type of data they have is a potential cyber incident or breach victim.
  • Constant vigilance in regard to putting into place proper cybersecurity controls can prevent or at least significantly help
    detect issues.
  • Taking recommendations seriously and remediating the gap is critical.
  • Having a process to collect and manage appropriate logs and digital artifacts is essential.
  • Most importantly, having a pre-established relationship for both proactive and reactive security providers, such as Secure
    Cyber Defense and Vestige Digital Investigations, helps lead to a more secure environment and the ability to detect and
    react to a threat very quickly and cost-effectively.

Printable PDF – Case Study

RELATED RESOURCES:

BLOG – Third Party Suppliers Create Weak Link in Cybersecurity Programs

BLOG – A Comprehensive Data Breach / Incident Response Plan is Crucial in Today’s Digital World

BLOG – Data Privacy – Attaining & Maintaining Compliance

OISC 2019
It was nice to see those of you who attended the 2019 Ohio Information Security Conference held March 13 at Sinclair Community College’s Ponitz Center, Dayton, Ohio. Vestige and Secure Cyber Defense co-sponsored a booth. If you couldn’t make it, we hope you were able to gather valuable information from this blog and call us to help your company navigate the new data security requirements. #OISC19

               

This site uses cookies, for more information, review our privacy policy.