So you've been hacked, now what?

The statistics would seem to suggest that it is less a matter of if and more when your enterprise will fall victim to a hack attack of some kind. Once you've been hacked, then what?

1. Verify that an incident has taken or is taking place.

2. Identify its scope and impact (is it a customer credit card database hack with data stolen or just defacement of a little used information portal).

3. Capture evidence of the attack and any ongoing activity (forensically image workstations or servers, take live analysis of compromised systems, collect logs for network infrastructure."

4. Stop any ongoing compromise.

Advertisement - Article continues below
Advertisement - Article continues below

5. Determine the extent of the damage and plan repair activity.

6. Determine the attack vector and plan remediation of defences.

7. Implement security updates to prevent re-compromise (apply patches, harden vulnerable server, improve firewall rules etc).

8. Implement repairs and restore service.

9. Analyse and investigate available evidence to determine attack timeline and confirm all compromised areas have been identified.

10. Compile evidence into report and pursue legal action.

Advertisement - Article continues below

Disclosure checklist (supplied by Prof John Walker of the ISACA):

If the breach has any actual, or potential to impact on Government Sensitive, or Marked Information Assets then call the relevant agency.

If Personal Information has been impacted which are subject to the controls under the Data Protection Act then consider the reporting channels.

If you have a Corporate Communications Division then consult with them so as to prepare for any potential of adverse reports, or press inquiries.

Always be aware of the relevant local, and International laws and legislations, and their impact on the situation. Report in accord under the guidance of your Corporate Communications Division.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019