How to respond to a cybersecurity breach?

  • Lock-down: Perform the actions necessary to prevent further data loss or damage to the organisation and mitigate business risks;
  • Preserve Evidence: Forensically capture data on compromised or affected systems and document the data breach;
  • Investigate Incident: Use forensic and information security tools to determine the source of an attack, understand the threat actor’s motivations and attempt to identify the perpetrator;
  • Management Report: Provide a full log of the investigation undertaken and its results, and provide policy and technical remediations where necessary.
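
One way to support the Preserve Evidence and Management Report steps, shown as an added example that is not part of the original page: record a SHA-256 manifest of captured files at collection time, then re-verify it before analysis or reporting. The function names, collector name, case identifier and sample file are hypothetical.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large disk or memory images do not exhaust RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def list_files(evidence_dir):
    """Relative paths of every file under the evidence directory, sorted."""
    return sorted(os.path.relpath(os.path.join(root, name), evidence_dir)
                  for root, _dirs, files in os.walk(evidence_dir) for name in files)

def build_manifest(evidence_dir, collector, case_id):
    """Record each captured file with its size and SHA-256 at collection time."""
    items = [{"path": rel,
              "size": os.path.getsize(os.path.join(evidence_dir, rel)),
              "sha256": sha256_file(os.path.join(evidence_dir, rel))}
             for rel in list_files(evidence_dir)]
    return {"case_id": case_id, "collector": collector,
            "collected_utc": datetime.now(timezone.utc).isoformat(), "items": items}

def verify_manifest(evidence_dir, manifest):
    """Return (status, path) findings: missing, modified, or unrecorded files."""
    recorded = {i["path"]: i["sha256"] for i in manifest["items"]}
    present = set(list_files(evidence_dir))
    findings = [("missing", rel) for rel in recorded if rel not in present]
    findings += [("modified", rel) for rel in recorded
                 if rel in present and sha256_file(os.path.join(evidence_dir, rel)) != recorded[rel]]
    findings += [("unrecorded", rel) for rel in present if rel not in recorded]
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample evidence; file name and case id are placeholders.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "auth.log"), "w") as fh:
            fh.write("constructed sample log line\n")
        m = build_manifest(d, collector="analyst-1", case_id="CASE-PLACEHOLDER")
        print(verify_manifest(d, m))  # checked against an unchanged copy
        with open(os.path.join(d, "auth.log"), "a") as fh:
            fh.write("tampered\n")
        print(verify_manifest(d, m))  # checked after the file was altered
```

Keep the manifest outside the evidence directory, since a copy stored alongside the captured files would itself be reported as unrecorded.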