Use your computer fearlessly.

[ Security | Consulting | Research ]

Rapid Response to Breach, Part 7

by Brent Kirkpatrick

(Date Published: .)

Evolve your response.

Cyber-intrusions and breaches happen. As your company recovers from one intrusion, you are susceptible to others. It is crucial to learn from previous intrusion responses.

The number of people who become involved in breach response scales according to the magnitude of the breach. If necessary your legal and PR teams should become involved. They can help with customer response to the breach.

As more people in your company become involved in breach response, coordination is crucial. Avoid using hacked communication methods. The last thing you need is fraud that disrupts the coordination of breach response.

Strategy during a breach response involves simple elements that can be combined in unique ways to throw the hackers off-balance. These elements include as the announcement of breach details, rebooting computers, re-installing operating systems, and upgrading software.

Recovery from breach requires blocking intrusion routes which may include both people and technology. Clients of the company must also recover from the breach.

Investigation is properly done after the recovery. The chain of custody of evidence must be preserved. Secured computers are required for collecting and analyzing evidence.

During all of this, a company must evolve its response to be better than the last time. Each time a company is hacked it must learn and improve its response.

defendIT. AI-driven security measures derived from security incident data.

© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.