SCENARIO: The CEO of a government contracting firm was notified that an auction on the dark web was selling access to the firm’s business data, which included access to its military clients’ database. The CEO quickly established that the data being ‘sold’ was obsolete and not tied to any government agency clients. How did this happen? The firm identified that a senior employee had downloaded a malicious email attachment, thinking it was from a trusted source.
RESPONSE: The company’s IT management immediately shut off communications to the affected server and took the system offline to run cybersecurity scans of the network and identify any additional breaches. The firm’s leadership hired a reputable cybersecurity forensics firm. Each potentially impacted government agency was notified. The U.S. Secret Service assisted in the forensics investigation.
Questions:
– Knowing how the firm responded, what would you have done differently?
– What steps could have been taken by the firm to prevent this incident?