Incident Response to Data Breach, Part 3: Coordination

by Brent Kirkpatrick

(Date Published: 11/21/2017. Revised: 4/26/2018.)

Do not rely on hacked communications during breach response.

Coordination is crucial during breach response. Cooperation across departments and on teams of IT people. The normal modes of communications may be breached, so effective coordination may make use of off-line communications, such as in person conversation or telephone.

In any case, email may be breached, so it is better not to rely on it. Business email compromise is one of the most expensive cyber-crimes and one of the most dangerous during an ongoing breach. Imagine a hacker posing as your CEO during a crucial response to a breach. The hacker could interfere with response measures, leak the cyberattack to the media, and defraud pay checks.

Off-line communications may be key to handling a breach. There are also on-line options that are different from your normal communications, for example Exigence which is a cloud-based ticket system for incident management. Do not forget that in person conversation is very useful for sorting out misunderstandings and meetings are useful methods of broadcast. If necessary, even a memo may be more efficient and less compromised than email.

Clean-Up (TM). Incident response driven by data.

Business Articles:

Incident Response, Part 1: Planning
Incident Response, Part 2: Response
Incident Response, Part 3: Coordination
Incident Response, Part 4: Strategy
Incident Response, Part 5: Recovery
Incident Response, Part 6: Investigation
Incident Response, Part 7: Evolution

Cascading Data Breaches
Incident Response Plan
Why Clean-Up Hacking?
Rapid Containment of Intrusions