4 CRITICAL STEPS FOR RESPONDING TO A CYBER INCIDENT
INCIDENT RESPONSE PLAN
Whilst taking action quickly is essential to mitigating the impact of an attack or breach, digital evidence must also be handled with precision and care to protect sensitive information from being overwritten, destroyed, or otherwise corrupted.
Follow the best practices listed below to preserve your digital exhibits, then contact Cyber & Digital Forensics as soon as possible so a thorough investigation can take place.
TYPES OF CYBERCRIME WE CAN INVESTIGATE:
+ Phishing: using fake email messages to get personal information from internet users;
+ Identity theft: misusing personal information;
+ Hacking: shutting down or misusing websites or computer networks;
+ Cyberstalking: harassing victims online;
+ Malicious software: using internet-based software or programs to disrupt networks;
+ Insider threats: including espionage, fraud, sabotage and intellectual property theft.
Mobilize the Response Team
The first step? Don’t panic. Whilst you’ll want to mitigate the damage by acting quickly, you must consider all decisions carefully; it helps to have a dedicated team trained to deal with cyber attacks already in place to ensure all the right moves are made.
Once you’ve determined whether this is a real attack or simply a glitch in the system, decide what your business objectives are for the response operation, for example, which data, networks, and services should be prioritised for recovery.
Contain the Threat
Next, identify what part of the network has been compromised and isolate it immediately to stop further loss of valuable data and to keep the attack from spreading. Other preventative measures you may want to take include rerouting network traffic, implementing temporary firewalls or limiting user access.
Preserve the Evidence
Rule number one: stay switched on. Digital evidence, by its nature, is incredibly volatile and easily modified, so shutting down a machine can delete valuable information on how the attack originated, where the breach took place and the amount of damage done.
A couple of other rules to remember when it comes to evidential integrity: make sure other devices, such as memory cards or USB thumb drives, aren’t plugged into the device, and don’t open applications or files in case any data is overwritten.
Contact Cyber & Digital Forensics
Using leading digital forensics software and the latest techniques, our team of specialists make a secure copy of the affected systems, analyse the extent of the incident and produce our findings in a detailed PDF or HTML report. The intelligence gathered will help you fix any vulnerabilities and keep your systems safer in the future. Speak to one of our technical experts for free, impartial advice by calling Cyber & Digital Forensics or emailing firstname.lastname@example.org.
Cyber & Digital Forensics is a qualified digital investigation organisation that works to ISO 9001 standards and ACPO Guidelines. We are also working towards a fully ISO 17025:2017 accredited forensics laboratory.
We hold the following accreditations: