Response (Investigation and Recovery)
When somebody makes changes to your network, Domain implements tools that determine the intended changes from the malicious. With this software, we can monitor your network and perform forensic analyses to determine if somebody modified, deleted, or stole information.
Based upon our findings, you may need to notify government agencies and your customers about a breach, especially if personal information is involved. Domain can use the above-mentioned tools to provide you with the needed information.
After the investigation phase is over, we begin the recovery phase of the Response stage. During this phase, Domain recovers information where possible and provides advice when necessary to help your organization get back on its feet.
The main concern associated with cyber security is not IF your system will be pierced – but WHEN. Organizations must create a cyber-intrusion response plan before this incident occurs, in order to protect the organization from negative implications.
The plan should include:
- Discovering where the intrusion occurred (or what was “hacked”). This requires implanting a change tracking software in advance of any attack.
- Determining what information was stolen or tampered with.
- Determining how to close the system vulnerability (the “hole”)
- Deciding how to clean all remnants of the hack from the system
- Immediately notifying everyone whose information was stolen or suspected of being stolen
- Providing credit monitoring, management, and restoring assistance to the accounts stolen
- Implementing a public relations campaign to protect and restore brand image
- Using and executing cyber insurance
As you can see, cyber security planning no longer entails just protecting the system from hacking, but also includes accepting ahead of time that the system may be hacked and putting a strong response plan in place that will help the organization recover successfully from the cyber-attack in a minimal amount of time.