The time immediately following a cyber attack is crucial. You want to prevent the spread, eliminate the threat, notify relevant parties, and return to normal operations as quickly as possible. This is of course easier said than done, especially if you don’t have a plan in place beforehand. It’s therefore important to prepare for and understand what to do following an attack.
Preparing for an attack involves having the correct documentation in order and ensuring it’s up to date. Examples of such documentation are an incident response plan, a disaster recovery plan and a business continuity plan. These will help identify possible risks and provide a clear set of procedures for how to respond and recover in the event of a cyber attack. At a high level, this involves 6 steps.
Here are the steps to take after a cyber attack:
- Contain the breach: When an attack occurs, you need to do all you can to stop the spread and isolate important systems. Separating, and in some cases shutting down, those systems can prevent the spread of an attack and limit the damage it leaves behind. Where possible, isolate rather than power off, since shutting a system down discards volatile evidence (memory, active connections) that the later investigation may need.
- Engage cyber security specialists: A cyber security breach is a serious incident, and engaging qualified cyber security specialists ensures proper and complete remediation. Without them, you could imagine a scenario where a company thinks it has completely removed the attackers from its systems, yet the attackers maintain persistence.
- Report the incident: After an attack, your first instinct may be to hide what happened, out of concern about repercussions, fines, or damage to your reputation. While those feelings are normal, there are laws that may require you to report the incident immediately to the appropriate staff member within your organisation (such as the Chief Information Security Officer), to customers and to law enforcement.
- Investigate the damage and cause: If you don’t have an incident response plan in place, it’s time to create one. Following incident reporting, law enforcement and/or your team will need to investigate the incident to determine the cause and the impact of the attack.
- Remediate the damage: Following the investigation, the next step for organisations is to remediate the damage, fix the identified vulnerabilities and restore data from backups or bring up alternative systems so that the organisation can return to the normal course of business.
Our experienced team offers incident response for organisations following a data breach, analysing what occurred and determining how to remediate the aftermath. Contact us to learn more about our incident response and security planning services.