Saturday, October 21, 2017

Cybercrime Bill 2017

parlThe Cybercrime Bill 2017 was introduced in the House of Representatives on May 6 2017 to create punishable offences and empower the Court.

 

The law is coming to Cybertown. The Cybercrime Bill 2017 was introduced in the House of Representatives on May 6 2017.  The Bill will create punishable offences and empower the Court.  Punishable offences will include  “a body corporate offense”, meaning that a corporate body that fails to exercise due diligence to prevent the commission of the offence will ALSO be liable for the offense.

The Court will ask, “Was due diligence exerted ?” 

With increased connectivity, organizations are exposed to significant risks that they are often unprepared to face.

Law enforcement alone can’t be the end all in responding to a cybercrime incident.   Cybercrime lives in a virtualized environment that is constantly changing.  The private sector is on the front-lines pioneering protection and incident response strategies.

If your organization experiences a cyber security breach, or suspects a cyber security breach, are you going to call law enforcement or third party cyber security consultants each time?

Is law enforcement or a third party cybercrime consultant also going to  provide security remediation, implementation, and ongoing network monitoring?  Not to mention attacker attribution, cyber threat intelligence analysis, and future risk remediation?

Using third party cybercrime consultants can be beneficial when high-end forensic expertise is required, but the internal expense cannot be justified each an every time you experience a cyber security breach or suspect one has occurred.

Our training will provide you with a solid internal understanding of the investigative process.  External vendors do not have intimate knowledge of your infrastructure, they do not know your high-value-targets, and you have to question whether your long term security is in their best interest or their short term paycheck.

Someone, with vested interest in the long-term health of your company should, at least, understand the nature and business impact of the incident.  Otherwise, you are making decisions blindly, completely dependent on the findings of some analyst who doesn't know you or your company and your unique needs.  

Outside cyber security consultants may find malware and may be able to automatically push a software patch but that is just the tip of the iceberg.  Cybercrime is one of the biggest and most impactful risks facing modern corporations and to outsource it completely without making a sincere effort to understand it internally is doing your company an injustice.  Furthermore, many incidents require a very fast turnaround to avoid potential disaster.

For example, Cryptolocker malware will encrypt all local and shared drives and demand ransom within 3 days prior to permanently encrypting all of your data, or Shamoon was time-bomb worm malware that waited for a period of time to infect the internal network prior to permanently destroying 30,000 computers on Saudi Aramco's internal network.  

Will remote law enforcement and third party consultants be responsive enough to fly in on a moment's notice and field these extremely time-sensitive investigations for you?  

If not, then training some in-house personnel to handle emergency situations may be in your company’s best interests.  

Mindshare Resources' students will learn, hands on, how to handle computer forensic investigations from the initial notification of an incident, to evidence identification and forensic acquisition, to in-depth forensic analysis, and developing case reports and expert witness testimony; including how to handle network intrusion investigations, and malware identification and analysis.

 

For current live-training schedules click here.