What to Do After a Cyber Attack

What to Do After a Cyber Attack -min

The time immediately following a cyber attack is crucial. You want to prevent the spread, eliminate the threat, notify relevant parties, and return to normal operations as quickly as possible. This is of course easier said than done, especially if you don’t have a plan in place beforehand. It’s therefore important to prepare for and understand what to do following an attack.

Preparing for an attack involves having the correct documentation in order and ensuring it’s up-to-date. Examples of such documentation are incident response plan, disaster recovery and business continuity plans. These will help identify possible risks and provide a clear set of procedures on how to respond and recover in the event of a cyber attack. At a high level, this involves 6 steps.

Here are the steps to take after a cyber attack:

  • Contain the breach: When an attack occurs, you need to do all you can to stop the spread and isolate important systems. Separating, and in some cases shutting down, those systems can prevent the spread of an attack and the damage it leaves behind.
  • Engage cyber security specialists: A cyber security breach is a serious incident and requires specialists to ensure proper remediation. Engaging qualified cyber security specialists ensures proper and complete remediation. You could imagine a scenario where a company doesn’t engage specialists and thinks they have completely removed the attackers from their system, yet the attackers maintain persistence.
  • Report the incident: After an attack, your first instinct may be a desire to hide what happened, concerned about repercussions, fines, or damage to your reputation. While those feelings are normal, there are laws that may potentially require you to report the incident to the appropriate staff member within your organisation (such as Chief Information Security Officer), customers and law enforcement immediately.
  • Investigate the damage and cause: If you don’t have an incident response plan in place, it’s time to create one. Following incident reporting, law enforcement and/or your team will need to investigate the incident to determine the cause and impacts of the attack.
  • Remediate the damage: Following investigation, the next step for organisations is to remediate the damage, fix identified vulnerabilities and load data backups or other systems so that the organisation can return to the normal course of business.

Our experienced team offers incident response for organisations following a data breach, analysing what occurred and determining how to remediate the aftermath. Contact us to learn more about our incident response and security planning services.

CATEGORIES

- -

TAGS

- - - - -

SHARE

Follow Us!

Facebook Twitter Linkedin Instagram
Cyber Security by Vertex, Sydney Australia

Your partner in Cyber Security.

Terms of Use | Privacy Policy

Accreditations & Certifications

blank
blank
blank
blank
blank
  • 1300 229 237
  • Suite 13.04 189 Kent Street Sydney NSW 2000 Australia
  • Level 4, 11 York Street Sydney NSW 2000 Australia
  • Goods Shed North, 710 Collins St Docklands, Melbourne, VIC 3008 Australia
  • Lot Fourteen, North Terrace Adelaide SA 5000 Australia
  • 44 Montgomery St San Francisco California USA
  • 9 Raffles Place #14-05 Republic Plaza Singapore 048619

(c) 2024 Vertex Technologies Pty Ltd.

download (2)
download (4)

We acknowledge Aboriginal and Torres Strait Islander peoples as the traditional custodians of this land and pay our respects to their Ancestors and Elders, past, present and future. We acknowledge and respect the continuing culture of the Gadigal people of the Eora nation and their unique cultural and spiritual relationships to the land, waters and seas.

We acknowledge that sovereignty of this land was never ceded. Always was, always will be Aboriginal land.