IT systems only tend to make the headlines when things go wrong. High-profile incidents where businesses lose customer or financial data are bad news, but how things are handled makes a big difference. Dealing with an incident effectively can not only minimise financial losses to the business but help prevent damage to its image too.
Australia’s new mandatory data breach notification legislation, starting from February 2018, requires most organisations with a turnover of more than $3 million to give notice of eligible data breaches.
Elvidence’s incident response services help companies to reduce the impact of an attack and quickly restore their operations to normal. All incidents are different, so it’s vital to have an experienced team of computer forensic experts that can bring a flexible approach.
Most attacks are assumed to come from outside, with hackers or fraudsters attempting to steal financial information or intellectual property. Nonetheless, many threats come from insiders, thanks to staff or contractors misusing authorised access to systems or simply being careless.
An effective incident response involves making a quick and accurate assessment of the situation. It covers how the problem was detected, what information may have been compromised, and what steps have already been taken to plug the leak. This process must be in line with the client’s objectives, whether it’s to pinpoint the data lost, track down the attacker or put in place a recovery strategy.
It’s imperative to handle evidence in a forensically sound way so that it can be used in any possible legal action that may arise. Proper management of the investigation is also crucial to success.
At the final stages, we provide a detailed and accurate investigation report. It includes recommendations to senior management and technical staff to help them make optimal decisions. The information contained in the report can be used in any legal proceeding or sent to insurers or industry regulators.
Alongside the investigation, it’s essential to develop plans and countermeasures to prevent similar attacks in the future. These measures must consider the scope and available budget as well as the motives and tactics of potential attackers. Elvidence can help put together an incident response plan and provide training for organisations of any size.
Having a plan in place will reinforce the ability of the business to respond to future attacks. Whether it’s a virus infection, a DDoS attack or a leak of data via an insider, a good incident plan will offer the ability to respond quickly and minimise the negative consequences.