Learning from Experience: Navigating a Cybersecurity Breach as an Intern

Company:

Introduction:

In the fast-paced world of cybersecurity, no organization is immune to the ever-evolving threats that lurk in cyberspace. As a SOC Information Analyst Level 1 intern, I had the unique opportunity to experience the firsthand challenges and responsibilities that come with handling a cybersecurity breach incident. In this post, I want to share my account of an incident where an employee fell victim to a phishing attack, how my team and I responded to the breach, and the valuable lessons we learned along the way.

The Breach:

It all started with a seemingly innocent click. An employee inadvertently clicked on a phishing link posing as a Microsoft 365 SSO page, providing their company email account information to an unknown adversary. This simple act set off a chain of events that put our organization's security at risk. As an intern, I was given the opportunity to take the lead in responding to the incident, working closely with two other team members.

Analyzing the Threat:

Upon detecting the breach, our first task was to analyze the malicious link and landing page in our air-gapped forensic lab. By dissecting the elements of the attack, we gained crucial insights into the adversary's tactics and intentions. This analysis helped us understand the potential impact on our organization's systems and data.

Taking Action:

Swift action was crucial to containing the breach and minimizing its impact. We immediately collaborated with our organization's IT team and implemented the necessary email and IP blocks on Proofpoint, our email security platform. This step ensured that the malicious email didn't reach other employees, thus preventing further compromise.
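As an added illustration of the two steps above (analyzing the link, then feeding sender and IP indicators to the email gateway), here is a small Python triage helper. It is example code written for this post, not anything from the original incident or from Proofpoint: the sample message, the m1crosoft-login.test domain and the 203.0.113.45 relay address are constructed, and the allow-list of genuine Microsoft sign-in hosts and the lookalike heuristic are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample of a credential-phishing email (not a real message).
SAMPLE_EML = """\
Received: from relay.example-sender.test (relay.example-sender.test [203.0.113.45])
    by mx.corp.example; Mon, 1 Jan 2024 09:00:00 +0000
From: "IT Support" <helpdesk@m1crosoft-login.test>
To: employee@corp.example
Subject: Action required: verify your Microsoft 365 account
Content-Type: text/plain

Your password expires today. Sign in to keep access:
https://login.microsoftonline.com.m1crosoft-login.test/sso
"""

# Genuine Microsoft sign-in hosts and domains (assumed allow-list for this example).
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}
LEGIT_DOMAINS = {"microsoftonline.com", "microsoft.com", "live.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# The first bracketed IPv4 in a Received header is the connecting relay's address.
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def registrable_domain(host):
    """Naive eTLD+1 (last two labels); sufficient for the TLDs used in this example."""
    return ".".join(host.lower().split(".")[-2:])

def is_lookalike(host):
    """True when a host impersonates a Microsoft sign-in page."""
    host = host.lower()
    if registrable_domain(host) in LEGIT_DOMAINS:
        return False  # genuine Microsoft property
    if any(host.startswith(legit + ".") for legit in LEGIT_LOGIN_HOSTS):
        return True  # genuine login host used as a subdomain prefix of another domain
    return "microsoft" in host.replace("1", "i").replace("0", "o")  # digit-for-letter spelling

def triage(raw_eml):
    """Return the indicators an analyst would hand to the email-gateway block lists."""
    msg = message_from_string(raw_eml)
    hosts = {urlparse(u).hostname for u in URL_RE.findall(msg.get_payload())}
    bad_hosts = sorted(h for h in hosts if h and is_lookalike(h))
    sender = parseaddr(msg.get("From", ""))[1]
    ips = [m.group(1) for h in msg.get_all("Received", []) for m in [RECEIVED_IP_RE.search(h)] if m]
    return {"sender": sender, "lookalike_hosts": bad_hosts, "block_ips": ips,
            "block_domains": sorted({registrable_domain(h) for h in bad_hosts} | {sender.split("@")[-1]})}
```

The returned `block_domains` and `block_ips` are the values that would be entered into the gateway's sender and connection block lists; the lookalike check only ever flags a host, so a legitimate Microsoft domain missing from the allow-list shows up as a false positive for the analyst to review, never as a silent miss.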

Alerting the Company:

Effective communication is essential in a cybersecurity incident. We promptly alerted the entire company about the breach, emphasizing the importance of vigilance and the potential consequences of falling victim to phishing attacks, with a strong emphasis on NOT clicking the link. By continually educating our colleagues about incidents, we aim to create a culture of cybersecurity awareness and encourage responsible digital behavior.

Following up with Employees:

To mitigate any potential damage caused by the breach, we needed to identify and support the employees who had entered their information on the phishing page. With utmost sensitivity, we reached out to these individuals, offering guidance on securing their accounts, changing passwords, and recognizing future phishing attempts. Our focus was not to blame or shame but to empower our colleagues to protect themselves.

Reformatting Laptops:

In cases where employees' laptops had been compromised, we made the decision to reformat those machines. Our internal IT team carried out this step to ensure the complete removal of any lingering malware or backdoors, effectively neutralizing the threat. We also provided support and guidance to the affected employees, helping them restore their data and applications while reinforcing best practices for safe computing.

Lessons Learned:

The incident served as a valuable learning experience for our entire team, including myself as an intern. Here are some key takeaways we gained from this breach:

  • Continuous Education: Cybersecurity awareness and training should be ongoing, emphasizing the evolving nature of threats like phishing attacks.
  • Incident Response Planning: Every organization must have a well-defined incident response plan in place, enabling swift and coordinated actions when a breach occurs.
  • Collaboration and Delegation: Delegating tasks among team members, according to their strengths and expertise, ensures a more efficient response to cybersecurity incidents.
  • Proactive Defense: Implementing advanced security measures, such as email filters and regular system updates, can help prevent and detect phishing attacks.

Conclusion:

Navigating a cybersecurity breach as an intern was a transformative experience that exposed me to the realities of the ever-present threats organizations face in the digital landscape. By actively responding to the incident, collaborating with my team, and taking proactive measures, we were able to contain the breach and reinforce our organization's security defenses. This experience served as a powerful reminder of the importance of continuous education, incident response planning, and a proactive defense posture. As I continue to grow in my cybersecurity journey, I am equipped with invaluable lessons and a deepened commitment to safeguarding our digital world.