You’ve been hacked. Now what?

What should a company do after it’s been hacked? It’s a question Target, Home Depot, Sony Pictures Entertainment and others have had to ask over the past year or so. And it’s likely that other organizations will be facing the same question over the coming months.

Here are six key things to do after your company has suffered a security breach by a hacker.
    1. Keep cool and implement a coherent response plan.
The first thing to after you are hacked is to implement your well-thought-out incident response plan. Assuming you have one. If not, you need to quickly put one together.
The plan of attack needs to include who should be in charge of the overall response effort, who else should be involved, what actions should be taken by which groups, which technology tools are needed for timely detection and rapid response, etc.
The plan should include determining the extent of the breach, identifying what data was compromised, deciding how best to work with the legal department to determine if disclosure to law enforcement and other authorities is required, figuring out how the attack compromised the organization as a whole, and performing damage assessment. 
Typically, organizations should try to isolate or control traffic flow to minimize any further damage from the attack. If an adversary breaks in once, they will break in a second time if you don’t take the time to fix the problems. Once the exposures that were used to compromise the system are fixed, the focus turns to recovering the data and getting the systems back up and running and verify the systems before they going live. Once the systems are verified, monitor them to make sure the attacker does not get back in. 
2. Pull together the incident response team.
The team should include IT, business leadership, human resources, public relations, legal and operations.
You may wish to retain a breach coach, a lawyer with experience in security and privacy compliance issues, to assist in your defense and the interpretation of various state and federal regulations that may have been triggered following a data breach event.
3.    Work with vendors and security experts as needed.
Many times companies will need the help of key vendors and security consultant firms to identify the cause of the breach and ensure that further attacks are stopped before they can do damage.
4.    Deal effectively with legal concerns.
After there’s been a hacking incident, IT, security and other senior executives should meet with corporate and external legal teams to discuss the potential implications.
Remediation of the problem might take a while because the root cause of the hack might not always be readily apparent, and companies need to take care to preserve any evidence. 
The legal concerns are centered around potential government investigation, whether on a federal or state level; and making sure that under the relevant breach notification statutes stakeholders are informed, as well as business partners. 
5.    Cover your insurance bases.
Following a breach, notify your agent and claims representative as soon as possible. Data should be categorized to understand whether personally identifiable information such as Social Security numbers or medical records; financial information or other confidential data was compromised.
6.    Keep the lines of communication open.
It’s important to keep employees, customers, business partners and other interested parties up to date on what’s happening with regard to the attack, its impact and the organization’s response. Silence can imply incompetence, confusion or worse.
Along with effectively communicating, companies need to consider the psychological impact of a hack attack on employees and customers, especially if it involves a violation of emails or personally identifiable information.
http://www.computerworld.com/article/2887363/you-ve-been-hacked-now-what.html?phint=newt=computerworld_data_management&phint=idg_eid=2bb689d07643a520469baa93e05ca014#tk.CTWNLE_nlt_datamgmt_2015-02-25

« Cyber Insurance Market Boosting Cyber Security
New weapons offer hope against advanced cyber-attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

Red Balloon Security (RBS)

Red Balloon Security (RBS)

Red Balloon Security is a leading embedded device security company, delivering deep host-based defense for all devices.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

HackControl

HackControl

HackControl services include penetration tests, security audits, block chain audits and brand and anti-phishing protection.

Liberty Mutual

Liberty Mutual

Liberty Specialty Markets offers specialty and commercial insurance and reinsurance products, including Cyber, across the USA, Europe, Middle East and other international locations.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.