While reading an SC Magazine ebook on PCI DSS, I came across a sidebar by Matt Malone, CTO and founder of Assero Security, listing the steps to take within the first 24 hours after identifying a breach:
- Record the date and time when the breach was discovered, as well as the current date and time when response efforts begin, i.e., when someone on the response team is alerted to the breach.
- Alert and activate everyone on the response team, including external resources, to begin executing a preparedness plan.
- Secure the premises around the area where the data breach occurred to help preserve evidence.
- Stop additional data loss. Take affected machines offline but do not turn them off or start probing into the computer until your forensic team arrives.
- Document everything known thus far about the breach: Who discovered it? Who reported it? To whom was it reported? Who else knows about it? What type of breach occurred? What was stolen? How was it stolen? What systems are affected? What devices are missing? etc.
- Interview those involved in discovering the breach and anyone else who may know about it. Document your investigation.
- Review protocols regarding disseminating information about the breach for everyone involved in this early stage.
- Assess priorities and risks based on what you know about the breach.
- Bring in your forensic firm to begin an in-depth investigation.
- Notify law enforcement, if needed, after consulting with legal counsel and upper management.
It is important to remember that, for the most part, cyber criminals are not specifically targeting large organizations; they merely see an IP address.