Handle Virus & Malicious Code Outbreak
Given that attackers are now moving away from
attacks that are merely a nuisance or destructive
towards activity that is motivated by financial
gain, malicious code attacks have become more
sophisticated and a significant concern to organisations.
A large-scale malicious code attack, often referred
to as a malicious code outbreak, can cause widespread
damage and disruption to an organisation, and
necessitate extensive recovery time and effort.
It is therefore crucial to implement adequate
preventive measures, such as deploying protection
and detection tools, to safeguard an organisation
from malicious code attacks.
However, there is no such thing as bulletproof
protection in the world of information security.
It is also important that the organisation develop
a robust information security incident procedure
so that personnel are better prepared to handle
malicious code outbreaks in a more organised,
efficient and effective manner.
As defined in the "Security
Incident Handling for Company" section,
an incident response process should have three
main stages: "Planning and Preparation",
"Response" and "Aftermath".
This section outlines the steps in the stages
"Response" and "Aftermath"
which are important to the complete handling of
a malicious code outbreak. For more information
about the "Planning and Preparation"
stage, please refer to the section "Security
Incident Handling for Company" mentioned
The "Response" Stage consists of the
following five steps:
Restoring infected systems to normal operation
does not mark the end of a malicious code outbreak.
It is also important to perform necessary follow
up action. This may include full evaluation of
the damage caused, system refinements to prevent
recurrence of the incident, updates to security
policies and procedures, and investigation of
the case for subsequent prosecution. Activities
in this stage can include the following:
Review the effectiveness of existing virus
/ malicious code protection procedures and
mechanisms, including central control and
management on virus signature distribution
and detection and repair engine update, scheduled
regular virus scanning, etc.
Update relevant policies, guidelines and
procedures whenever necessary.
Enforce the new security measures introduced
in the reviewed policy / guidelines / procedures
to protect systems against future attacks.
Remind users to follow security best practices,
such as not opening email from unknown/suspicious
email sources, updating security patches and
virus definitions on a regular basis and whenever