Cyberattacks have become an inevitable part of doing business. For those who have lived through one, incident response can be a chaotic and emotionally charged event. A new study revealed that some IT employees have experienced PTSD symptoms after a ransomware attack. So, what should you do when your organization experiences a data breach?
- Do Not Panic, But Act Promptly
Enact your incident response plan immediately. Staying calm and following a structured plan is crucial.
- Isolate the Network
Disconnect affected systems from the network to prevent the spread of the breach.
- Cut Off Internet Access
Limit the attackers’ ability to communicate with compromised systems by cutting off internet access.
- Identify Infected Areas and Segments
Determine which parts of your network and which systems have been compromised.
- Remove Access from Compromised Accounts
Disable access for any accounts that have been compromised to prevent further unauthorized actions.
The initial moments after declaring an incident are often chaotic and emotional, which is normal. This is why having tested and up-to-date incident response plans, business continuity plans, and disaster recovery plans can make all the difference in recovery efforts. The worst time to start cataloging system priorities for recovery is during an event.
Isolate the Incident
Data breaches encompass a wide range of attacks with varying levels of severity. The first step is to isolate the incident to limit damage. Cutting internet access also restricts what attackers can do from within. Isolate the threat, expel it, and ensure there are no backdoors for re-entry. Security architecture assessments are recommended to ensure configurations do not allow backdoor entry.
Do Not Reboot Your System
Rebooting systems can result in the loss of evidence and interrupt incident response efforts. This is problematic for those seeking police intervention and for cyber insurance claims, which may require logs. Most importantly, rebooting might activate malware, causing it to spread further and hinder recovery efforts. Attackers often anticipate that organizations will panic and reboot systems, leading to widespread infection, especially in ransomware cases. If someone has rebooted in a panic, please contact us at 1.866.430.8166 for incident response services.
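Live network sessions are among the evidence a reboot erases. The following added example (not from the original post or from Hitachi Cyber) assumes a Linux host and IPv4: it decodes the kernel's `/proc/net/tcp` table, keeps established sessions to non-loopback peers, and records a SHA-256 of the raw table so the capture can be verified later. The sample table, host name and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import json
import socket
import struct
from datetime import datetime, timezone

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 20111 1
   1: 0500000A:C93A 077100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1
   2: 0100007F:A1F2 0100007F:0035 01 00000000:00000000 00:00000000 00000000  1000        0 48377 1
"""

def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; address bytes are little-endian on x86/ARM hosts (assumed)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"

def parse_proc_net_tcp(text):
    """Return one dict per IPv4 TCP socket listed in /proc/net/tcp content."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        cols = line.split()
        if len(cols) >= 10:                     # ignore blank or truncated lines
            rows.append({"local": _endpoint(cols[1]), "remote": _endpoint(cols[2]),
                         "state": TCP_STATES.get(cols[3], cols[3]),
                         "uid": int(cols[7]), "inode": int(cols[9])})
    return rows

def live_remote_sessions(rows):
    """Established sessions whose peer is not loopback: state a reboot would erase."""
    return [r for r in rows if r["state"] == "ESTABLISHED"
            and not ipaddress.ip_address(r["remote"].rsplit(":", 1)[0]).is_loopback]

def evidence_record(text, host):
    """Bundle the raw table's SHA-256 with the parsed view so later copies can be verified."""
    return {"host": host, "collected_utc": datetime.now(timezone.utc).isoformat(),
            "sha256": hashlib.sha256(text.encode()).hexdigest(),
            "sessions": live_remote_sessions(parse_proc_net_tcp(text))}

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(json.dumps(evidence_record(SAMPLE, "host-a"), indent=2))
```

Write the resulting record to storage outside the affected host; IPv6 sockets live in `/proc/net/tcp6` and are not covered here.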
Plan Ahead for Resiliency
Ultimately, your organization’s strength lies in its resiliency plans for recovery. Plan ahead, be prepared, and ensure a quick recovery.
By following these steps, you can effectively manage a data breach and minimize its impact on your organization. For expert guidance and incident response services, contact us at Hitachi Cyber.