
How to react to a cyber-attack with WSO2 Identity Server

Process and data security is one of the primary concerns of any business organization immersed in digitization. By 2024, incidents in this area will reach a worldwide cost of 5 billion dollars, according to the digital technology consultancy Juniper Research. This is an 11% increase over the previous year, and over the last 5 years the accumulated cost of cyberattacks and other threats has grown by 70%.

Next, we’ll learn what a cybersecurity attack is, how to act on one, and how to detect it. We will also explain the best preventive measures and how WSO2 Identity Server can be very useful against this type of attack.

What should I do in the face of a cyber attack?

No matter how large or small a company is, any of its data and documents, as well as its customer information, is susceptible to a data breach or cyber attack. This would not only leave it exposed, but could also cause serious damage with lasting consequences. If our company is a victim of a cyber attack, the following measures should be considered to help minimize the damage:

  • Stop the attack and preserve the evidence.

Speed of action can be key in the event of detecting a data breach from outside. Immediate actions that can be taken to attempt to contain a data breach include disconnecting all servers and computers from the Internet, disabling all remote access, checking that firewalls are active, and installing any pending security updates to the systems.

Although it is common to try to delete all data after the cyber-attack, it is preferable to evaluate in advance which servers have been compromised and contain them as quickly as possible to ensure that other servers or devices are not infected as well. On the other hand, preserving the evidence of the attack will serve to verify how the breach occurred and who was responsible for it.

  • Modify passwords.

Passwords that have been affected or are now vulnerable must be changed, creating new and secure passwords for each account and service.

  • Assess the extent of the cyber attack.

Determining what caused the security breach helps prevent the same type of attack from happening again. When establishing the scope, it is important to distinguish whether the attack we have suffered is part of a larger attack or whether we are the only victim. We must ask ourselves who has access to the infected servers, what network connections were active when the breach occurred, and how the attack was initiated.

Reviewing the security logs from the firewall can help us know precisely how the breach began. So can the logs of email providers, antivirus programs or intrusion detection systems. The option of hiring a company specializing in the analysis of cyber attacks should also be considered. On the other hand, those affected by the breach must be identified, including employees, customers and external suppliers.

  • Manage the consequences of the attack inside and outside the organization.

It is imperative to notify managers and employees that this security breach has occurred, so that everyone is aware of the seriousness of the event and constant communication about the attack can be established. In the case of having specific liability insurance for these purposes, the insurance company must be notified.

For clients, consultation with legal counsel may be necessary to determine the best way to inform them. Special emphasis should be placed on being transparent, with a dedicated hotline to respond to issues raised by those affected.

Going forward, perform frequent security checks to help reduce the likelihood of another incident.

How WSO2 Identity Server can help me safeguard the security of my data

WSO2 Identity Server is an open source IAM product specializing in access management, including identity management, SSO, strong and adaptive authentication, account management and identity provisioning, as well as API and microservice security and privacy regulation.

Adaptive authentication is an evolved form of MFA in which authentication steps can be configured so that the system decides which steps to evaluate during the authentication process based on the user’s risk profile and behavior. This means that if the risk level is high, the authentication layers can be reinforced, while if it is low, several authentication layers can be skipped.

By default, WSO2 Identity Server ships with username/password-based authentication. Authentication security can be enhanced by adding additional authentication steps. WSO2 Identity Server allows you to configure multi-step authentication in which you can define an authentication chain containing different authenticators in different steps. WSO2 Identity Server also supports multi-factor authentication, with authenticators available for SMSOTP, FIDO, MEPin and more.
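The risk-based step-up described in the two paragraphs above can be sketched in the JavaScript style used by WSO2 Identity Server adaptive authentication scripts. This is an added example, not code from the original page or from WSO2; the role names, the network prefix, the `isHighRisk` rule and the small simulator that stands in for the server runtime are assumptions made for illustration.

```javascript
// Added example: step 1 (username/password) always runs; step 2 (a second
// factor such as SMSOTP or FIDO) runs only when the login looks risky.
var privilegedRoles = ['admin', 'manager'];   // assumed role names
var trustedPrefix = '10.0.';                  // assumed corporate network prefix

// Hypothetical risk rule: privileged role, or a login from outside the
// trusted network (a crude prefix match, enough for the illustration).
function isHighRisk(context) {
    var user = context.currentKnownSubject;
    var outside = context.request.ip.indexOf(trustedPrefix) !== 0;
    return hasAnyOfTheRoles(user, privilegedRoles) || outside;
}

// The adaptive script: the server calls onLoginRequest for each login.
var onLoginRequest = function (context) {
    executeStep(1, {
        onSuccess: function (context) {
            if (isHighRisk(context)) {
                executeStep(2);               // reinforce with a second factor
            }
        }
    });
};

// --- Constructed stand-ins for the server runtime, so this runs offline ---
var executedSteps = [];
var currentContext = null;
function hasAnyOfTheRoles(user, roles) {
    return user.roles.some(function (r) { return roles.indexOf(r) !== -1; });
}
function executeStep(step, callbacks) {
    executedSteps.push(step);                 // pretend the step succeeded
    if (callbacks && callbacks.onSuccess) { callbacks.onSuccess(currentContext); }
}
// Returns the list of authentication steps a given login would go through.
function simulateLogin(roles, ip) {
    executedSteps = [];
    currentContext = { currentKnownSubject: { roles: roles }, request: { ip: ip } };
    onLoginRequest(currentContext);
    return executedSteps.slice();
}

console.log(simulateLogin(['employee'], '10.0.4.7'));    // low risk
console.log(simulateLogin(['admin'], '10.0.4.7'));       // privileged role
console.log(simulateLogin(['employee'], '203.0.113.9')); // outside the network
```

On a real server, `executeStep` and `hasAnyOfTheRoles` are supplied by the adaptive authentication runtime, so only the part above the stand-ins would go into the script editor.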