Four Questions to Ask After a Cyber Attack
- In order to respond to a cyber attack, an organization needs to ask the right questions. As posted by Cyber Security Intelligence (https://www.cybersecurityintelligence.com/blog/four-questions-to-ask-after-an-attack-4427.html), Andy Pearch of CORVID lists four questions all organizations must be able to answer in detail to prevent another similar attack.
- How and where did the breach take place? Security professionals need to know exactly what went wrong.
- What information was accessed? Specific files must be identified to determine the impact on the organization, including whether the breach needs to be reported.
- How can systems be recovered quickly? Prompt identification and remediation eliminates or at least reduces downtime and reputational damage.
- How do you prevent a recurrence? Every breach should be a learning experience about how to spot unusual activity. A “managed detection and response” approach investigates suspicious activity and manages breaches once detected.
Today hackers use the same tools and tactics as bona fide users. Total protection is not possible. Rapid detection and remediation is the only proper response to cyber threats.