WHY WOULD I BE TARGETED?
There are numerous reasons an organization could become a target of a coordinated attack. Direct financial incentive is typically the most likely, either through direct theft or ransomware. Other reasons include corporate espionage, including theft of trade secrets and other intellectual property.
WHAT DOES A BULLETPROOFS CYBER INCIDENT RESPONSE TEAM DO?
Once we confirm that your incident is in fact a security compromise, our team will engage and apply expert strategies and techniques that properly identify compromised systems, recover lost or locked data, provide investigation and containment of a breach, and rapidly remediate the incident. We also have experience in criminal, civil and corporate forensics investigations.
WHAT IS THE AVERAGE TIME BETWEEN COMPROMISE AND DETECTION OF THE COMPROMISE?
Approximately half a year. In fact, most organizations are made aware of a potential compromise through notification by an external party.
IS IT LIKELY THIS IS LIMITED TO A SINGLE COMPUTER?
While this does depend on the attackers’ motives, chances are it’s unlikely. An organization that is the victim of a targeted attack is likely to have multiple internally compromised resources. Unless properly identified and scoped, it’s highly likely that a partial remediation (of a single computer for instance) will only tip off a determined attacker that they’ve been noticed. A determined and skilled operation is likely to adapt and persist.