
Until the response team makes contact
10 STEPS TO FOLLOW
- Isolate the affected systems to prevent further damage and contain the attack.
- Identify the type of attack and the specific systems or data that were targeted.
- Notify senior management and the IT department immediately.
- Retain a digital forensics team to conduct a thorough investigation.
- Disconnect or shut down any compromised systems to prevent data exfiltration.
- Change all passwords and implement two-factor authentication for all accounts.
- Review and update security protocols and policies to prevent similar attacks in the future.
- Take a snapshot of all the affected systems and data to aid in the investigation.
- Communicate with your customers and partners, informing them of the situation and the steps you are taking to resolve it.
- Continuously monitor the systems for any suspicious activity, and ensure that all systems are fully restored and secure before bringing them back online.
Understand event types
Ransomware:
- A type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key.
Breach:
- An unauthorized entry into a system or network.
Hacked:
- The state of a system or network after someone has gained unauthorized access to it.
Under Attack:
- An ongoing effort by an attacker to gain unauthorized access to a system or network.
Impersonation:
- An attacker pretending to be someone else, such as in phishing attacks.
Data Stolen:
- The unauthorized access and removal of data from a system or network.
Services Down:
- A situation where a system or network’s services are not available due to an attack or other issue.
