So along with the daily hassles of IT network operations and part-time security responsibilities, security breaches will happen. Plan on them. Any major breach involving customer financials or data theft, for example, warrants action beyond working out how the attacker(s) got in and applying a patch to close the hole.
Systematic response is critical
Once a security breach has been identified, the way the people responsible for the internal response proceed is critical -- not just to identify and close the unauthorized entry points, but to identify the perpetrator(s), establish the extent of the damage, determine what was accessed, and notify customers and the appropriate agencies if needed. The following steps will help you maintain control when dealing with major incidents and when addressing the necessary follow-up:
Intrusion information gathered during internal investigation and recovery may later have to support your claims in court, so handle it as evidence from the start: preserve originals, record who collected what and when, and work from copies. When substantial damage or theft of sensitive data has occurred, contact legal counsel about referring the incident information to law enforcement.
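Evidence that may end up in front of a judge has to be shown to be unaltered since collection. The following is an added example, not code from the original column: it records each collected artifact's SHA-256 in a chain-of-custody manifest and later re-verifies both the artifacts and the manifest. The artifact names and contents, the collector name and the case identifier are all constructed for illustration. The manifest hash only detects accidental or casual edits; for real cases the manifest should additionally be signed or written to write-once storage.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample artifacts (not real evidence): file name -> raw bytes.
SAMPLE_ARTIFACTS = {
    "web-access.log": b'10.0.0.5 - - [12/Mar/2004:03:14:07] "GET /admin/../../etc/passwd HTTP/1.0" 200\n',
    "firewall.log": b"DENY TCP 10.0.0.5:4444 -> 192.168.1.10:445\n",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts, collector, case_id, collected_at=None):
    """Return a chain-of-custody manifest for a dict of name -> bytes.

    Each entry records the artifact's size, SHA-256, collector and
    collection time (ISO 8601 UTC).  A hash over the sorted entries is
    stored alongside them so that editing the manifest itself is detected.
    """
    ts = collected_at or datetime.now(timezone.utc).isoformat()
    entries = []
    for name in sorted(artifacts):          # sorted -> stable manifest hash
        data = artifacts[name]
        entries.append({
            "name": name,
            "size": len(data),
            "sha256": sha256_hex(data),
            "collected_by": collector,
            "collected_at": ts,
        })
    body = json.dumps({"case_id": case_id, "entries": entries}, sort_keys=True)
    return {
        "case_id": case_id,
        "entries": entries,
        "manifest_sha256": sha256_hex(body.encode()),
    }


def verify_manifest(manifest, artifacts):
    """Recompute every hash.  Returns (ok, list_of_problems)."""
    problems = []
    body = json.dumps(
        {"case_id": manifest["case_id"], "entries": manifest["entries"]},
        sort_keys=True,
    )
    if sha256_hex(body.encode()) != manifest["manifest_sha256"]:
        problems.append("manifest entries were altered")
    for entry in manifest["entries"]:
        data = artifacts.get(entry["name"])
        if data is None:
            problems.append(f"{entry['name']}: missing")
        elif sha256_hex(data) != entry["sha256"]:
            problems.append(f"{entry['name']}: hash mismatch")
    return (not problems, problems)


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_ARTIFACTS, "analyst-1", "CASE-0001")
    print(json.dumps(manifest, indent=2))
    print("verify:", verify_manifest(manifest, SAMPLE_ARTIFACTS))
    # Simulate someone "cleaning up" a log after collection.
    tampered = dict(SAMPLE_ARTIFACTS)
    tampered["firewall.log"] = b"ALLOW TCP 10.0.0.5:4444 -> 192.168.1.10:445\n"
    print("verify after tampering:", verify_manifest(manifest, tampered))
```

Run the manifest step on the forensic copy immediately after acquisition, store the manifest separately from the artifacts, and re-run the verification before anything is handed to counsel or law enforcement so that a mismatch is found by you rather than by opposing counsel.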
Law enforcement referral
Your firm has several options once a major network incident with potentially significant losses has been uncovered. Beyond legal counsel, several organizations can assist in resolving major intrusions. The CERT Coordination Center offers useful incident recovery and reporting procedures. The Computer Crime and Intellectual Property Section of the Department of Justice publishes agency-specific reporting guidelines for Internet-related crime.
An important caveat: be cautious about reporting network or Internet intrusions to local law enforcement agencies. Vet them before an incident occurs. Well-trained computer forensic investigators are still scarce at the local and state level.
As added assurance, consider obtaining insurance against damage from viruses, hackers, and unauthorized access, and against recovery-related expenses.
Dr. Goslar is principal analyst and founder of E-PHD, LLC, a security industry research and analysis firm. He is also on the editorial board of the International Journal of Electronic Commerce and can be reached at Comments@E-PHD.COM.