Being notified of a malware infection on a bank or customer system is the digital equivalent of being notified about a robbery. In a robbery, we would preserve evidence and investigate the crime. All too often in the digital world, we respond to malware infections with the intention of removing the malware and getting the system back into production, when really we need to enact our incident response plan and evaluate whether we have just been robbed digitally.
In a digital robbery it is more difficult to immediately identify whether data or money were stolen. We should conduct a digital investigation to ensure the crime is not still occurring, identify what was stolen, and identify who stole it. Information must also be collected from employees and clearly documented. This discussion will give an overview of the types of incidents that are most frequent for financial institutions and illustrate how to prepare for them. The following are the key focuses of our digital robbery discussion:
- Trending cybercrime and malware threats
- Examination of which IT systems are affected
- Breakdown of business process to explore who is affected
- Standard Incident Response Procedures
- Basic digital forensics