Response (Investigation and Recovery)
When somebody makes changes to your network, Domain implements tools that determine the intended changes from the malicious. With this software, we can monitor your network and perform forensic analyses to determine if somebody modified, deleted, or stole information.
Then, based upon our findings, you may need to notify government agencies and your customers about a breach, especially in the case of personal information.
After the investigation phase ends, we begin the recovery phase of the Response stage. During this phase, Domain recovers information where possible and provides advice when necessary to help your organization get back on its feet.
The main concern associated with cyber security is not IF your system will be pierced – but WHEN. Therefore, organizations must create a cyber-intrusion response plan before this incident occurs to protect the organization from negative implications.
The plan should include:
- Discovering where the intrusion occurred (or “hack”); This requires implanting a change tracking software in advance of any attack
- Determining what information the hacker stole or tampered
- Determining how to close the system vulnerability (the “hole”)
- Deciding how to clean all remnants of the hack from the system
- Immediately notifying everyone whose information was stolen or suspected of being stolen
- Providing credit monitoring, management, and restoring assistance to the accounts stolen
- Implementing a public relations campaign to protect and restore brand image
- Using and executing cyber insurance
As you can see, cyber security planning no longer entails just protecting the system from hacking, but also includes accepting ahead of time that someone may hack the system and putting a strong response plan in place to help the organization recover successfully from the cyber-attack in a minimal amount of time.