Situation update 1: An attacker was able to compromise an outlook account of an executive due to the use of weak passwords and lack of Second Factor Authentication on the executive’s account. The malicious actor gained access to this account over 3 months ago, remained covert and was able to monitor all the executive’s mails and thereby understanding the technological processes in the Bank. Key words such as password, account, finance, amount etc. were searched on the mailbox and the credentials to a secure database and VPN to connect to the internal network were retrieved.

How will you classify the risk level?

Who determines the impact the incident will have on core business operations and services?

Who is to be held responsible for the coordination of the different units of the team to work towards one unified incidence response plan?

What bad cybersecurity practices was/were observed in the Bank that led to the breach?

Situation update 2: The SOC team detected that one of the Bank’s  core database was accessed via a different IP and sensitive data of customers, CAC certificates, bonds, loan accounts and other PIIs were downloaded/copied out.  An investigation was launched by the security team to narrow down which user account was used in accessing the database. The investigation reports showed that the CIO accounts was used in accessing the database at 0200hrs on the day of the Incident.

The security team proceeded to carry out a forensic investigation on the CIO’s account and it was discovered that some certain sensitive mails were forwarded to a Gmail account and deleted from the sent folder in the CIO account. The IT team then sends a mail to the CIO to change his password, that conforms to the new password policy.

Would you say data privacy & protection was breached?

Who is responsible for reviewing the performance and effectiveness of Information security policies within the Bank

Situation update 3: Three days later, a panicked customer called to ask why details of his loan transactions and his asset he used as collateral were posted and trending on twitter. Shortly after, another customer called to complain that the portal he frequently uses to track and view the status of his transaction is down.

Which team should oversee the customer’s request?