You’ve been hacked. Now what?

Uploaded on 2015-03-02 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

What should a company do after it’s been hacked? It’s a question Target, Home Depot, Sony Pictures Entertainment and others have had to ask over the past year or so. And it’s likely that other organizations will be facing the same question over the coming months.

Here are six key things to do after your company has suffered a security breach by a hacker.
    1. Keep cool and implement a coherent response plan.
The first thing to after you are hacked is to implement your well-thought-out incident response plan. Assuming you have one. If not, you need to quickly put one together.
The plan of attack needs to include who should be in charge of the overall response effort, who else should be involved, what actions should be taken by which groups, which technology tools are needed for timely detection and rapid response, etc.
The plan should include determining the extent of the breach, identifying what data was compromised, deciding how best to work with the legal department to determine if disclosure to law enforcement and other authorities is required, figuring out how the attack compromised the organization as a whole, and performing damage assessment. 
Typically, organizations should try to isolate or control traffic flow to minimize any further damage from the attack. If an adversary breaks in once, they will break in a second time if you don’t take the time to fix the problems. Once the exposures that were used to compromise the system are fixed, the focus turns to recovering the data and getting the systems back up and running and verify the systems before they going live. Once the systems are verified, monitor them to make sure the attacker does not get back in. 
2. Pull together the incident response team.
The team should include IT, business leadership, human resources, public relations, legal and operations.
You may wish to retain a breach coach, a lawyer with experience in security and privacy compliance issues, to assist in your defense and the interpretation of various state and federal regulations that may have been triggered following a data breach event.
3.    Work with vendors and security experts as needed.
Many times companies will need the help of key vendors and security consultant firms to identify the cause of the breach and ensure that further attacks are stopped before they can do damage.
4.    Deal effectively with legal concerns.
After there’s been a hacking incident, IT, security and other senior executives should meet with corporate and external legal teams to discuss the potential implications.
Remediation of the problem might take a while because the root cause of the hack might not always be readily apparent, and companies need to take care to preserve any evidence. 
The legal concerns are centered around potential government investigation, whether on a federal or state level; and making sure that under the relevant breach notification statutes stakeholders are informed, as well as business partners. 
5.    Cover your insurance bases.
Following a breach, notify your agent and claims representative as soon as possible. Data should be categorized to understand whether personally identifiable information such as Social Security numbers or medical records; financial information or other confidential data was compromised.
6.    Keep the lines of communication open.
It’s important to keep employees, customers, business partners and other interested parties up to date on what’s happening with regard to the attack, its impact and the organization’s response. Silence can imply incompetence, confusion or worse.
Along with effectively communicating, companies need to consider the psychological impact of a hack attack on employees and customers, especially if it involves a violation of emails or personally identifiable information.
http://www.computerworld.com/article/2887363/you-ve-been-hacked-now-what.html?phint=newt=computerworld_data_management&phint=idg_eid=2bb689d07643a520469baa93e05ca014#tk.CTWNLE_nlt_datamgmt_2015-02-25

« Cyber Insurance Market Boosting Cyber Security
New weapons offer hope against advanced cyber-attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

Fortify Experts

Fortify Experts

Fortify Experts is a search and recruitment firm specializing in Cyber Security.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Intrusion

Intrusion

Intrusion provides IT professionals with the most robust tool set available for performing in-depth research and analysis of network traffic.

MACH37

MACH37

MACH37 is a market-centric cybersecurity accelerator program designed to facilitate the creation of the next generation of cybersecurity product companies.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

4Stop

4Stop

4Stop is a global KYC, compliance and anti-fraud risk management company.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

e360

e360

e360 (formerly Entisys360) is an award-winning IT consultancy specializing in advanced IT infrastructure, virtualization, security, automation and cloud first solutions.

SEIRIM

SEIRIM

SEIRIM delivers cybersecurity solutions in Shanghai China specializing in Web Application Security, Network Security for SME's, Vulnerability Management, and serving as Managed Security as a Service.

National Academy of Cyber Security (NACS)

National Academy of Cyber Security (NACS)

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

Seal Security

Seal Security

Seal Security revolutionizes software supply chain security operations, empowering organizations to automate and scale their open source vulnerability remediation and patch management.