The First Steps After an Attack

The term “security breach” and similar phrases have become commonplace. This year alone we have seen the data of millions of people illicitly accessed and stolen from the networks of giants like Target, eBay, and JPMorgan Chase. Each week there seems to be a new report of some company falling prey to ever-ready attackers.

In order to continue successful business operations, maintain customer trust, and build a strong brand reputation, everyone from the CEO to the network analyst needs to know what initial steps they have to take after a network intrusion.

Detecting the Breach

The first step in successfully managing a network security breach is to detect that there is a true threat. This may seem like a blatantly obvious step, and one that can be completed with the utmost speed and ease, but past evidence suggests otherwise. Hackers resided in Target’s network for approximately 15 days before being discovered; JPMorgan Chase’s for 2 months; Neiman Marcus’ and Home Depot’s for 5 months each; and Goodwill’s for an astonishing 18 months! These delays in detection seriously hindered the vulnerability remediation processes of these companies and led to even more data loss.

Why is detection so slow?

A long detection process can be caused by any number of factors. Perhaps management shifted resources to other aspects of the business, or perhaps widespread cultural changes led to a lapse in preparedness. Aleksandr Yampolskiy, CEO of SecurityScorecards, writing in The Huffington Post, cites security teams being inundated with data as the primary reason detection can take a long time: “[Security teams] get so much information that the event that matters is buried in those security logs.” Vulnerability scanners and intrusion detection tools can generate large volumes of alerts, many of them false positives, so it is imperative to keep this information organized and to keep security teams ready to react quickly to the real threats.

Contact a Security Response Professional

A company’s security team may be prepared to remediate the vulnerabilities that allowed the attack to occur, but it may not be ready to handle all of the other problems that come along with it. A hacking event can interrupt business services, damage the company-customer relationship, and lead to a series of legal and regulatory obligations which vary according to the state in which the event occurred, the industry of the company affected, and the type of breach. It can be a dizzying experience.

It is for these reasons that contacting a security response professional is necessary if there is not already one on the security team. In fact, it is best to bring one in as soon as an attack is suspected, so that no time is wasted. A certified digital forensics expert will help a company:

1. Determine the scope of the data loss
2. Secure the proper evidence for further investigation into the attack
3. Defend against exposure
4. Retain customers
5. Assess the legal and regulatory requirements that have to be met

Security breaches are nearly impossible to prevent, but they can be managed successfully if the correct initial steps are taken. Swift detection and the inclusion of knowledgeable and capable professionals can mean minimal data loss and the quick resumption of business as usual.