A security incident is an event that may indicate an attack on an organization’s system or network. It can also signal that security measures in place failed to protect one’s computer from an attack. Most security incidents involve unauthorized system access that may disrupt a target’s normal operations, violate policies, and expose sensitive data.
Outside computer networks, a security incident is comparable to a botched burglary. While the thieves may have been able to get into a target compound, they may have failed to open the safe.
Every organization must be prepared to handle security incidents before these can turn into actual security events with serious repercussions.
What Security Incidents Could Lead To
According to the National Institute of Standards and Technology (NIST), security incidents can lead to any of the following:
- Malware infection
- Data breach
- Distributed denial-of-service (DDoS) attack
- Equipment loss or theft
- Unauthorized system or data access
- Destructive cyber attack
- Unauthorized data processing and storage
- Unauthorized alteration of the system software, firmware, or hardware
Security Incident and Security Event: The Difference
Security incidents and events differ primarily in terms of severity. Security incidents are unsuccessful attempts at infiltrating a target’s network. Most of the time, nothing of significant value is lost to attackers. Despite the lower degree of severity, however, security incidents still require action and remediation. Next time, the target may not be so lucky, and the incident may turn into a security event (for instance, a data breach can cause actual disruption to an organization’s normal operations).
A concrete example of a security incident is the failed phishing attack against the Democratic National Committee (DNC) in 2018. While the attackers may originally have intended to access voter profiles, they were unable to do so. The incident did not lead to a data breach.
But since there is always a risk of exposing confidential data in such attempts, security incidents must be addressed immediately to mitigate further damage. How? Find out in the next section.
What to Do upon the Discovery of a Security Incident
Over the years, cyberattacks have grown not only in volume but also in complexity, and the number of security incidents continues to rise. Organizations must therefore establish stricter preventive measures so that security incidents do not turn into actual events. Users who stumble upon a security incident should:
- Avoid investigating or attempting to remediate the compromise on their own if they aren’t part of their organizations’ security teams.
- Advise fellow users to refrain from accessing an affected system.
- Disconnect an affected system from the network by turning off wireless network access or unplugging its network cable.
- Avoid shutting down the affected machine.
Skipping any of the steps above may hinder the investigation. Once you have performed the recommended actions, report the security incident to your system administrator, including the following information:
- Your name
- Your department (if working within an organization)
- Contact details (email address, phone number, etc.)
- Detailed description of the security incident
- Exact date and time of the security incident
- Identified resources or systems affected
Security incidents vary in severity and nature. The more severe an incident is, the greater the risk that the affected organization will experience a disruption. Companies must therefore ensure that their systems and networks are protected against security incidents.