GDPR: Root cause analysis, cyber-attack reporting
This is the 7th in our blog series surrounding GDPR and technology – you can read all of the previous blogs in this series below. This blogging schedule is running in tandem with our GDPR & Technology event held in Newcastle, Manchester and London.
The GDPR & Technology event is designed to guide you through the journey to compliance, from uncovering what Personally Identifiable Information (PII) you hold to securing this sensitive data and then managing and reporting on it.
With cyber-attacks on the rise, increasing our understanding of how and where they occur is vital to protecting business critical data. Root cause analysis provides you with a clear report that highlights key areas of interest i.e. where the attack originated, once an attack such as Ransomware takes place.
Root cause analysis provides a clear picture of the attack, with the ability to drill down into further detail. This report is designed to be easy to read, understand and digest. Its graphical style is simplified so users can easily define exactly what occurred and when. It also allows businesses to become much quicker at incident responses.
The report shown below is a graphical representation of key information such as the beacon incident; this is where the system detected something was wrong or unusual. It’s at this point the attack is prevented from spreading any further. Any infected files are then rolled back to their original state.
The diagram shows a snapshot of the attack and its movements throughout the system. This particular report shows the activity of this malicious code.
The report tells us that the malware had written 200+ registry keys and attempted to establish 2 network connections externally, outside of the business. In addition to this it had spawned a number of files and even tried to connect to other machines on the network.
By using this report you are able to work your way back to the beginning of the attack (highlighted in red) showing where the attack came from – in this case it was Outlook. From here we are then able to drill down further, determining who the user was and defining the malicious email that caused the attack. Effectively we are then able to ascertain the link that triggered that particular attack.
If an attack does occur within your business and you need to report that breach to the ICO (Information Commissioner’s Office), by utilising this report you are able to say you’ve completed a root cause analysis, can see exactly what’s been touched and that a full deep clean of all systems has taken place.
To find out more about root cause analysis you can register for our GDPR & Technology event.