It doesn’t matter how big and prepared your organization is, or whether it’s in the United States or multinational: it may still be vulnerable to cyber attacks and data breach incidents. If the event is serious enough, you’ll need help from an expert response team to get it cleaned up.
Learning more about emergency incidents – as well as how Thrive’s protection and response services can help you manage your company’s security – can help you become better prepared against potential future attacks.
Incidents are defined as events with a human cause, not mechanical or system failure. They fall under one of three types: normal, escalation, and emergency. Normal events don’t negatively impact critical components or require a change control process to be followed before they can be resolved, nor do they demand senior personnel or incident response involvement.
An escalation-type incident is more serious than a normal one, as there is an impact on critical production systems and it may also require that a solution’s implementation follow a prescribed change control process. Most, if not all, incidents at this level do require the senior staff and stakeholders to be notified. However, they likely won’t have to be involved at this point.
An emergency event is one that could lead to a public emergency. It may negatively impact the health and safety of human beings, breach primary controls of critical systems, physically affect hardware performance, prevent activities that protect human safety or health due to system impact, or otherwise meet certain standards set forth in a policy or be declared as such by the incident coordinator.
The issue is typically first discovered by a person using the affected program, such as an employee, or by an outside source such as a vendor or customer. They should alert the appropriate first responder IT team members through a report or ticket. That team will then look into the ticket details and rule out a false positive, which would not require an emergency response. They will also gather additional data and run automated analyses at this point to determine the potential impacts. Once this is completed, the first responder team will declare the incident to be normal, escalation, or a high-level emergency.
When the incident is declared to be an emergency by the chief information officer (CIO), an incident response team must be notified and brought in to determine the nature and scope of the event and start the emergency response process. A prepared organization should already have an emergency management team on call and a response plan in place; however, if it doesn’t, it is still possible to find a company online and hire them to immediately begin the remediation process.
The security incident coordinator will assemble their team and manage the response process, while ensuring that the team is properly staffed for that specific incident. A meeting is typically held at this point to discuss what is known about the situation, from how large the breach is and how much exposure it will have, to how much it will cost to repair and what the overall risk is. Once this is discussed, the team will determine how to proceed.
At this juncture, certain systems may be locked down for repair and to stop further damage from happening where possible. A thorough investigation should also begin. Additionally, it is at this point that senior and professional staff – which includes the CEO, CFO, PR staff, and the company’s corporate attorney – will be notified of the situation and become involved as needed.
The emergency incident response team should work diligently until all necessary repairs are made, all vulnerabilities have been addressed, the attackers have been identified, and law enforcement has been contacted. It’s possible that new security training will need to occur for employees and vendors, and existing preventative plan resources may need to be updated.
To have better odds of preventing such an attack from happening again, it is recommended to hire an IT cyber security firm, like Thrive Security. They can help audit your company’s security infrastructure and vulnerabilities, and build and implement a customer security program for your organization. You can also hire them on the spot for an emergency incident response if you have already experienced trouble and need remediation.
Thrive has a dedicated team of security experts that is qualified to identify risks and gaps. They’ll take the time to learn exactly how your company works and what your needs are so that they can create and implement custom resolutions that are compliant with existing standards and regulations.