What to Expect During a Cybersecurity Incident.

Cybersecurity Incident Response Strategies

Let's dive into the cybersecurity incident response strategy we apply to your business to manage and mitigate the impact of incidents such as ransomware, data breaches, business email compromise, wire fraud, and IT system hijacking. Depending on the nature of your company, the incident, and any applicable laws and regulations, the process can vary.

Incident Response Process.

An incident response plan serves as a playbook for addressing cybersecurity incidents.

  1. Detection: You've detected unusual activity, known as indicators of compromise. These may be obvious signs, such as a ransomware note on your desktop wallpaper, unauthorized downloads and file transfers, new user accounts, new backup email addresses, or hackers/cyber criminals demanding a ransom. They could also be more subtle signs, such as software programs or browser plugins on your computer(s) that you didn't install, strange files, new email routing rules, new router settings, a slow computer, slow internet, or browser settings and default homepages you didn't set.

  2. Analysis & Investigation: We investigate the incident and assess its severity, nature, and the threats involved. We'll analyze the malware, identify the exploited vulnerabilities, and determine which computers, files, and data were accessed.

  3. Containment: We take steps to isolate affected systems and limit the attack's spread. This might involve taking affected systems offline and, in ransomware cases, negotiating with the threat actors.

  4. Documentation: Throughout this process we’ll document the incident including logs, screenshots, etc.

  5. Eradication: We’ll remove the threats, malware, and/or revoke unauthorized access from your systems.

  6. Recovery: We’ll restore your IT systems and ensure the integrity of recovered data.

  7. Compliance Report: If you meet state data breach disclosure law thresholds, we'll help prepare the required reports. If you're in a regulated industry and data privacy/security regulations apply, such as the Health Insurance Portability and Accountability Act (HIPAA/HITECH), Financial Industry Regulatory Authority (FINRA) rules, the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry Data Security Standard (PCI-DSS), the Cybersecurity Maturity Model Certification (CMMC), and/or state data privacy laws, we'll help prepare a report for those as well.

  8. Lessons Learned: After an incident, conduct a thorough review to identify gaps and areas for improvement in your plan.
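As an added example that is not part of the original post, the following Python triage pass runs over constructed audit events and flags three of the indicators listed under Detection: new email routing (forwarding) rules that send mail outside the organisation, newly created user accounts, and bulk file downloads. The event shape, operation names, domain list and download threshold are assumptions and would need mapping to your own audit export.

```python
# Added example (not from the original post): rule-based triage over constructed
# mailbox/tenant audit events for the indicators named in the Detection step.
# Event layout, operation names and thresholds are assumptions, not a vendor's schema.
from collections import Counter

# Constructed sample events: one external forwarding rule that also deletes the
# original, one benign rule, one new account, and sixty downloads by one user.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:02:11Z", "actor": "jdoe", "op": "New-InboxRule",
     "params": {"ForwardTo": "archive@example.org", "DeleteMessage": True}},
    {"ts": "2024-05-01T08:05:40Z", "actor": "jdoe", "op": "New-InboxRule",
     "params": {"MoveToFolder": "Receipts"}},
    {"ts": "2024-05-01T08:10:03Z", "actor": "admin", "op": "Add user",
     "params": {"UserPrincipalName": "svc-backup2@example.com"}},
] + [
    {"ts": f"2024-05-01T09:{i:02d}:00Z", "actor": "jdoe", "op": "FileDownloaded",
     "params": {"ObjectId": f"/Finance/wires-{i}.xlsx"}} for i in range(60)
]

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organisation's own mail domains
DOWNLOAD_THRESHOLD = 50              # assumption: downloads per actor worth a closer look


def _is_external(address, internal_domains):
    return address.rsplit("@", 1)[-1].lower() not in internal_domains


def triage(events, internal_domains=INTERNAL_DOMAINS, download_threshold=DOWNLOAD_THRESHOLD):
    """Return (severity, actor, reason) findings, highest severity first."""
    findings = []
    downloads = Counter()
    for ev in events:
        p = ev.get("params", {})
        if ev["op"] == "New-InboxRule":
            fwd = p.get("ForwardTo") or p.get("RedirectTo") or p.get("ForwardAsAttachmentTo")
            if fwd and _is_external(fwd, internal_domains):
                # Forwarding plus deletion hides the conversation from the mailbox owner,
                # the pattern behind most business email compromise cases.
                sev = "high" if p.get("DeleteMessage") else "medium"
                findings.append((sev, ev["actor"], f"inbox rule forwards mail to external {fwd}"))
        elif ev["op"] == "Add user":
            findings.append(("medium", ev["actor"], f"new account {p.get('UserPrincipalName')}"))
        elif ev["op"] == "FileDownloaded":
            downloads[ev["actor"]] += 1
    for actor, n in downloads.items():
        if n >= download_threshold:
            findings.append(("high", actor, f"{n} file downloads in log window"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f[0]])
```

Each finding is a starting point for the Analysis & Investigation step, not a verdict; the benign folder rule in the sample is deliberately not reported.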

Key Steps to Take When a Cyber Attack Occurs:

Facing a cybersecurity incident can be overwhelming, but having a clear set of steps to follow can make a significant difference:

  1. Isolate and Preserve Evidence: If possible, isolate affected systems while preserving any evidence for potential legal action.

  2. Notify Relevant Parties: Inform your incident response team, IT department, and relevant stakeholders about the incident.

  3. Assess Impact: Determine the extent of the breach or attack to prioritize your response efforts.

  4. Coordinate Communication: Develop a communication plan that ensures transparency with internal teams, customers, and regulatory bodies.

Things to consider and communicate:

During a cybersecurity incident, effective communication is paramount. Keep these best practices in mind:

  1. Clear Chain of Command: Identify the stakeholders to whom accurate and consistent updates will be provided.

  2. External Communication: Have prepared messages for customers, partners, and the public to maintain trust and manage expectations. Designate a single spokesperson for all outside parties.

  3. Regulatory Compliance: Be aware of legal and regulatory obligations for reporting incidents, especially when sensitive data is involved.

  4. Internal Communication: Maintain open lines of communication within your organization to ensure all teams are aligned. Brief your teams and set clear procedures and expectations.

Conclusion

A well-crafted incident response plan, clear steps for immediate action, and effective communication strategies form the foundation of your business's ability to manage cybersecurity incidents. In the next blog post, we'll delve into specific tactics for recovering from data breaches, including immediate actions to limit data exposure and strategies for rebuilding systems. Stay tuned to equip yourself with the knowledge needed to navigate the intricate landscape of cybersecurity incident response.

CyberSecurity Emergency Team

Phoenix, AZ Based - Nationwide Reach
