The cyber threat landscape is constantly evolving and becoming more sophisticated. As a result, it is becoming harder and harder to prevent attacks. This is highlighted by the fact that nearly 1.4 billion records were exposed across 686 total breaches between January 1 and March 31, 2018 alone. Consequently, being prepared to react to a breach is becoming just as important as preventing them. Your response to a cyber attack is crucial, and there are several ways in which you should go about it.
Inform your response team
When an incident is discovered, a response team should be made aware as quickly as possible. First of all, a response team should already have been established, in preparation for a potential attack. Once that has been done, and they have been informed of an incident, an investigation should be actioned immediately. Within these teams should be technical members who can look into the source of the attack, data protection experts, as well as a PR specialist who can manage public perception.
Contain the breach
Many cyber attacks have been ongoing for a prolonged period of time before they are even detected. This can sometimes be weeks or months, meaning it is essential that the breach is contained swiftly. Once it has been contained, the next step is to ensure all systems are secured. This involves identifying exactly which networks have been compromised, and what needs to be done to prevent any further damage being done. Only when systems are secure can attentions turn to what needs to be done moving forward.
Carry out a thorough investigation
Once the initial dust has settled, a thorough investigation must be conducted. You should look into how the incident was allowed to happen, as well as the level of disruption that is likely to be caused as a result. The ramifications can be severe, so leave no stone unturned in establishing which data has been lost, and whether any sensitive customer information has been stolen. Employee involvement accounts for nearly 75% of all security breach incidents, meaning each member of staff must be considered when searching for the cause of an attack.