Cyber Incident Response and Data Exfiltration
In the event of a cyber-attack, a proper cyber incident response is required to handle the situation as effectively as possible. We live in a digital world, and cyber-attacks against businesses and institutions are growing in frequency and impact. Cyber incidents, once few and far between, have splashed the front pages of leading news outlets, and the business impact is dramatic and costly. Regardless of the source of the attack or the underlying motive, the end result is often the same: business disruption, significant public-relations damage, customer litigation exposure, and often a major financial loss.
The abundance of cyber risks and attacks has driven an explosive demand for data breach analysis and ransomware removal experts and services. There is a misconception that the existence of cyber insurance may help mitigate problems, but in reality, identifying the root cause of the cyber incident is still necessary for most insurance policies. On top of that, a proper investigation is critical to fully understand what data was lost or what level of access the bad actor achieved, and to finalize an internal response plan.
Cyber Incident Response Plan
Data Breach Investigations
A data breach occurs when a cybercriminal, or bad actor, successfully exfiltrates or steals classified data, such as Personally Identifiable Information (PII), Personal Financial Information (PFI), or Personal Health Information (PHI), from an organization.
When a cybersecurity incident occurs, like a data breach, Envista immediately begins a cybersecurity investigation and determines if there is evidence that an organization was in fact successfully attacked by a cybercriminal and data was exfiltrated. The assessment of the compromise includes multiple steps in establishing the type of attack, how the attack took place, the extent of the damage, what may have been compromised, and what that means for the insured and other affected parties.
Envista's cybersecurity analysts utilize the most technologically advanced software, tools and expertise to respond, collect, preserve, and analyze digital evidence to uncover the root cause of cyber incidents.
Data Breach Incident Response Plan
During an investigation, our experts can determine and find answers to questions such as:
- How did the breach occur?
- When did the incident take place?
- What data was compromised?
- Was the attack targeted or indiscriminate?
- Where did the confidential information, trade secrets or customer information go?
- Who is behind the attack or loss?
- Who is responsible for security failures?
Once the cybercrime has been accurately diagnosed, our team of cybersecurity and digital forensics experts analyzes the digital evidence and determines if the data loss can be recovered by performing a data exfiltration analysis. At this stage of the investigation, our experts are engaged to determine how the data was stolen, if there is evidence the data is still being stolen, and the total exposure.
Types of Data Breaches
Our team has investigated losses spanning multiple industries, from legal to corporate to manufacturing to small business. Breaches happen to businesses of every type across the globe. Our team can assist corporations, breach coaches, attorneys, claim professionals and others with investigations surrounding:
- Trade secret/intellectual property theft
- Internet libel/content injury
- Extortion
- Cryptocurrency
- Network loss or damage/hacker malfeasance
- Business interruption
- Accidental loss
- Internal usage policy violations
At Envista, we believe our expertise is best utilized in the context of your data breach response team. To that end, we are available to help you, or your clients, prepare your response plan, and to be positioned as trusted advisers on your team, well prepared to respond with computer forensics analysis when needed. The application of a sound forensics analysis is a critical component of any defensible cyber response.
Data Exfiltration Analysis
Data exfiltration occurs when a cyber-attack is successful and organizational data has been compromised. In this stage of a data breach investigation, our experts are engaged to determine how the data was exfiltrated, if there is evidence the data is still being stolen, and the total exposure, including the total number of client personal records that have been stolen.
It is essential to distinguish the extent of data theft, since fines and penalties are levied against the organization based on the total number of records (PII, PHI, and/or PFI) that have been compromised. A handful of records typically cost an organization only a few thousand dollars, whereas a major breach with hundreds of thousands of records lost can cost millions.
Our cybersecurity analysts understand the techniques used by bad actors to obtain data and carry out acts of data exfiltration. Once we determine the impact and scope of damage, and what type of technology was involved in the attack, we can then investigate the type of infection or breach and the level of access reached by the bad actor. Going through this process can help uncover what data was exfiltrated, viewed or lost, and what next steps need to be taken to get operations back up and running.
Types of Data Exfiltration Methods
- HTTPS downloads or uploads
- FTP sites
- Instant messaging
- Filesharing sites
- VPN
- Cloud storage uploads
- Steganography
- SSH and tunnelling
These types of attacks can be especially alarming for specific industries such as healthcare, finance, municipalities and government agencies. We’ve helped hundreds of claims professionals and litigation attorneys mitigate high-stakes cybercrime.