A new report jointly prepared by five international government cybersecurity agencies provides one of the best and latest overviews of how any organization, including healthcare businesses, can detect malicious activity targeting their computer systems, as well as how to recover from and prevent hacks. Plainly named the " Joint Cybersecurity Advisory," it was published September 1, 2020 to provide "technical approaches to uncovering and remediating malicious activity."
Who published the report?
The relatively brief 14-page advisory was jointly prepared by the Australian Cyber Security Centre ( ACSC), Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre ( NZ NCSC), New Zealand CERT NZ, United Kingdom National Cyber Security Centre ( UK NCSC), and the United States Cybersecurity and Infrastructure Security Agency ( CISA). It encompasses the results of a collaborative research effort to help organizations enhance incident response and to serve as a playbook for incident investigation.What are the key takeaways?
The Joint Cybersecurity Advisory focuses on three main steps to deal with security incidents:- Collecting evidence
- Implementing security fixes
- Seeking independent, credible third-party expertise to assist in the response
What are best practices for incident response?
Organizations should enlist a variety of technical approaches to detect and address malicious activity, including five critical steps:- Searching for indicators of compromise (IOCs), starting with known indicators disclosed and defined by a broad variety of cybersecurity authorities, while preemptively reviewing them for potential false positives.
- Analyzing the frequency and location of computer and network activities, comparing recent traffic and other patterns to a large-scale baseline of normal activity established prior to the suspected attack.
- Looking for new patterns among data, including repetitive patterns that can indicate automated mechanisms like scripts and other malware, or activity that matches likely human routines that are out of sync with normal use.
- Looking for anomalies like increased errors or exceptions reported in system logs, missing or incomplete audit information, or unique values for otherwise known and homogenous data.
