Indian Cyber Army (ICA) provides cyber security incident response as a certified organization that employs professional, ethical and highly technically competent individuals.
To deal with cyber security incidents, particularly sophisticated cyber security attacks, ICA has developed a cyber security incident response capability, which will enable Police, Investigation Agencies, Research Centers, Ethical Hackers, Industry Experts, Government Agencies, Academic Leaders & Individuals to adopt a systematic, structured approach to incident response.
There are many types of information (or IT) security incident that could be classified as a cyber security incident, ranging from serious cyber security attacks on critical national infrastructure and major organized cybercrime, through hacktivism and basic malware attacks, to internal misuse of systems and software malfunction. At one end of the spectrum come basic cyber security incidents, such as minor crime, localized disruption and theft.
At the other end we can see major organized crime, widespread disruption, critical damage to national infrastructure and even warfare. Some of the most common ways in which different types of cyber security incident can be compared are outlined in the table below – but they can vary considerably for any given incident, with many different groups attacking many different targets.
| S.No. | Topic | Basic cyber security incident | Sophisticated cyber security attack |
|---|---|---|---|
| 1. | Type of attacker | Small-time criminals; Individuals or groups just ‘having fun’ or responding to a challenge; Localized, community or individual | Serious organized crime; State-sponsored attack; Extremist groups |
| 2. | Target of attack | General public; Private sector; Non-strategic government departments | Major corporate organizations; International organizations; Governments; Critical national infrastructure; National security / defense |
| 3. | Purpose of attack | Financial gain; Limited disruption; Publicity; Vendettas or revenge | Major financial reward; Widespread disruption; Discover national secrets; Steal intellectual property of national |
| 4. | Capability of attacker | Low skill; Limited resource; Publicly available attack tools; Not well organized; Local reach | Highly skilled professionals; Extremely well resourced; Bespoke tools; Highly organized; International presence |
| 5. | Response requirements | Restore services; Special monitoring and organization; Some industry information sharing | Tailored guidance for specialist industry and specific capabilities; Implications for government security; CNI sector-specific industry response |

The number of cyber incidents is increasing rapidly, and many of them are carried out for corporate espionage or as state-sponsored attacks. These attacks follow the same broad anatomy, but specifically comprise:
1. Intelligence gathering (e.g. conduct detailed research into a target).
2. Initial exploitation (e.g. carry out initial attack and establish foothold).
3. Command and control (e.g. achieve persistent access that can survive a re-boot of the system and move to new systems).
4. Privilege escalation (e.g. gain system administrator rights on target systems).
5. Data exfiltration (e.g. gather and remove (or copy) target data).
In the commercial world (and often in governments), even large organizations can have significant difficulty in responding to cyber security incidents, particularly sophisticated cyber security attacks.