Recent studies and surveys on IT security show that companies of every size and sector now face a growing risk of cybercrime. Many tools, standards and best practices are in place to support enterprise IT security experts in dealing with emerging risks, yet small and medium-sized enterprises (SMEs) in particular feel helpless in the face of the growing threats. This article describes an approach by which SMEs can attain high-quality assurance as to whether they are a victim of cybercrime, what kind of damage resulted from a given attack, and how remediation can be done. At every step of the analysis, the focus lies on economic feasibility and the typical environment of SMEs.
I. MOTIVATION
Time and again, we find the same common denominator across cybercrime investigations: digital evidence and breach indicators were present in the environment long before the victim became aware of the breach. Had those breach indicators been recognized earlier, the victim could have intervened and minimized risk.
Transnational criminal enterprises often maintain remote access to the target environment for six to 18 months before they are detected. Our experience suggests that many state-sponsored cyber intrusions result in lingering, unfettered access for many years, which in some cases is never detected. When it is discovered, recognition of advanced cyber intrusions does not typically come via in-house technology, processes, or people, but rather through third-party tipsters such as domestic law enforcement, intelligence sources, customers, or business partners.
Many companies might be affected by cyber threats without knowing about it; those responsible in SMEs assume their IT is safe because they have not received any notification about attacks or threats. As a result, many attacks remain undetected. Additionally, outsourcing of IT services can lead to misestimation of security risks. In general, awareness of the feasibility of cyber threats is rising, while at the same time many enterprises are still not aware of the extent of the negative impacts of being attacked [1], [2]. Companies consider the risk of a cyberattack lower than e.g. rising greenhouse gas emission and estimate the impact lower than e.g. severe income disparity or chronic fiscal imbalances. See figure 1 on page 3 for further details.
Today's advanced cyber threats are two-pronged: to steal targeted data or disrupt services, and to maintain access to the environment for as long as possible, thus enabling future intrusions. These threats apply to all industries, not just those that deal with payment cards or personal information.
Companies whose proprietary data is perceived to be of economic intelligence value, and any company contemplating or already involved in international business transactions, are likely targets, as are their external law firms. The future of cyber security is going to require an evolved philosophy that assumes a state of compromise. While awareness of the risks of cyber threat is rising in large ente...