Inspect crime scene, provide first aid, secure evidence: Deutsche Telekom's Incident Response Team is on hand when companies fall victim to digital crimes.
"You've been hacked. Pay 25 bitcoin or your data is lost forever." Cyberattacks on companies are an everyday occurrence, and ransomware attacks represent a particularly perfidious form. Using malware, criminals encrypt company data and extort a ransom for its release. This means that IT and often the entire business are paralyzed. What to do in an emergency?
If you suspect that third parties may have broken into your IT systems, Deutsche Telekom's Incident Response Team provides immediate assistance.
The specialists look after customers in Germany, Austria and Switzerland. They are very versatile and flexible, because their field of activity goes beyond that of an IT forensics expert.
Police for the digital world
In an emergency, the first step taken by the helpers is often to cut off access to the Internet to stop communication with the attackers. "When we are called, the attack is usually already at a late stage. Emblematic: the house is on fire, the children have been kidnapped, the property has been stolen," explains Malte Fiedler, Head of Incident Response.
Step by step, the cybersecurity professionals get to work: they devote themselves to forensics, analyzing digital footprints and fingerprints, reconstructing the intrusion and attack, assisting in the removal of malware and restoring operations. "Basically, we specialize in what the police would do at a crime scene - lock down, preserve evidence, interview, profile the perpetrator and ultimately provide advice."
In a crisis, preparation counts
There is no such thing as one hundred percent protection against cyberattacks, Malte Fiedler knows. It is not uncommon, however, for technology to sound the alarm while poorly trained or overworked personnel disregard the warnings. The biggest obstacle to the work of IT professionals, however, is usually inadequate preparation on the part of companies. Contingency plans? Crisis drills? Not a thing for many of those affected.
Malte Fiedler and his team help organize crisis drills and simulate attacks at the request of customers. "It's important to be prepared for an emergency. How do I recognize an attack? How do I react? Who do I need to involve? Ideally, an emergency manual exists in the company that provides the necessary answers."
Being responsive, for example, could also mean having log data in sufficient quantity so that it is possible to find out what happened in the days and weeks before the attack.
Good preparation pays off, because the damage from cyberattacks can quickly run into six figures or even tens of millions.
On site, from anywhere and in the lab
Depending on the severity of the security incident or the complexity of the initial situation, Telekom's IT professionals work remotely or directly on-site at the customer's premises. Forensic analysis, such as examining server copies for anomalies, is carried out in in-house laboratories. There, the team also devotes itself to jobs that are not critical in terms of time. "That could be, for example, that a customer sends us a laptop and asks us to examine it for malware or manipulation," says Malte Fiedler. One thing is certain: the need is growing and so will Telekom Security's incident response team.