What is a cyber incident and what are the different techniques for detecting one?
A cyber incident is an event that occurs through the use of an information system or network and has the potential to cause adverse effects on computer systems, networks, incident control systems (ICS) and the information residing in those systems. Unlike a data breach, however, a cyber incident does not necessarily mean that information or information systems have been compromised; rather, it means that the confidentiality, integrity and availability (CIA) of information is threatened.
Cyber incidents can occur when one or more of the following actions are taken on information systems:
- Attempting to gain unauthorized access to information and information systems
- Unauthorized usage of information systems to process and store data
- Attempts at unauthorized modification of system firmware, hardware or software
- Unplanned outages, malicious disruptions and distributed denial of service or denial of service (DDoS/DoS)
Cyber incidents may happen due to one or more of the following cyberattacks:
- Phishing attacks
- Ransomware
- System misconfiguration
- Viruses and worms
- Spyware and adware
- Trojan horses
- Distributed denial of service and denial of service (DDoS/DoS)
- Covert channel or race condition attacks
- SQL and code injection attacks
- Malware attacks
- Social engineering attacks
- Credential theft
- And many more
The best strategy to deal with cyber incidents is to establish cyber incident response management (CIRM).