What To Do When You’ve Been Hacked

22/02/2010

By Giri Sivanesan, Senior Security Consultant at Pentura

When your business discovers it has been hacked there are different mentalities on how to deal with it; for the Private Sector organisations the most important thing is to detect when a network or system has been hacked. Once an attack has been detected it then becomes important to identify the extent of the compromise, isolate any compromised networks or systems and contain them to stop the attack effecting other networks or systems.

National Security organisations may decide to take an altogether different approach and once they are satisfied it is being properly risk...

...managed, let the attack continue in order to monitor its movements, understand how it is working and what specific information it is targeting. They may argue that in some cases immediately isolating a malicious attack may mean that they are unable to understand the full extent and modus operandi of the attackers, strategically useful to prevent future attacks.

The next step is to decide who you need to tell and what industry specific rules you should follow. The first point of call would be to notify someone in a security leadership position so that they can then decide on the next defensive step and whether to escalate the incident up to someone more senior.

If a virus is involved for example, it may be best to move up the chain of command to the head of security who will then decide on the severity of the problem and whether or not to notify the board.

Depending on the severity of the incident, law enforcement authorities should be notified. Many large private sector organisations frown upon this approach however, embarrassed to be caught out and resorting to tackling and containing the problem themselves. Unfortunately this can often lead to press... continued on page two >

 

 

Advertisement

Advertisement