Incident Response to Data Breach, Part 7: Evolution
by Brent Kirkpatrick
(Date Published: 12/1/2017. Revised: 5/2/2018.)
The number of people who become involved in breach response scales according to the magnitude of the breach. If necessary, your legal and PR teams should become involved. They can help with documentation, notification, and customer response to the breach.
As more people in your company become involved in breach response, coordination is crucial. Avoid using hacked communication methods. The last thing you need is fraud that disrupts the coordination of breach response.
Strategy during a breach response involves simple elements that can be combined in unique ways to throw the hackers off-balance. These elements include the announcement of breach details, rebooting computers, re-installing operating systems, and upgrading software.
Recovery from a breach requires blocking intrusion routes, which may include both people and technology. Clients of the company must also recover from the breach.
Investigation is properly done after the recovery. The chain of custody of evidence must be preserved. Secured computers are required for collecting and analyzing evidence.
During all of this, a company must evolve its response to be better than the last time. Each time a company is hacked, it should learn and improve its response; otherwise it may be re-compromised quickly.