Incident Response Services
“We think we lost our credit card data. Actually, we're not sure what we've lost...”
Data Breach Investigation
When the integrity of your data is compromised, it's difficult to know where to start putting things right. It's possible that attackers have simply harvested your customers credit card data from your eCommerce server, but what if the attack has actually been going on for some time and other servers and services across your network are also compromised?
It may be the case that the system files on the server itself have been replaced, allowing the attackers on-going access in the future.
The only way to be sure of what has happened is to investigate it thoroughly. We have the experience and expertise to work with your teams to get you back up and running, to figure out how the breach occurred, to determine what was compromised and what to do to secure the environment to prevent future attacks.
It may not necessarily be the case that an attack will come from outside. There is a wealth of evidence from various surveys conducted by Gartner and CSI/FBI which show that most data breaches that organisations suffer are executed by the firms own employees. In this case, it becomes even more important to discover the culprit so that steps can be taken to recover the data and to initiate disciplinary actions.
Whilst your internal IT teams will no doubt be able to get your systems back up and running, doing so without preserving the evidence of the 'digital crime scene' will mean that any attempt to figure out what happened, let alone present evidence at an HR tribunal, will be severely limited - perhaps fatally so.
Certainly it is the case that 'cyber' attacks are on the increase, however the steps required to prepare for such an incident aren't very time consuming or particularly expensive. Despite much of it being common sense, few organisations in our experience have put the procedures in place to ensure that tell-tale data is either captured or preserved.
There are a number of steps that can be taken to prepare for situations just like this, we've outlined a few of them in our forensic readiness section. We work closely with a number of organisations to establish relationships, gain an understanding of their infrastructure and train staff on the optimal procedures to follow unique to their organisation as part of our forensic readiness planning initiative.
What to do next?
If you'd like to know more about ways in which we can work with you to prepare a forensic readiness strategy, give us a call for free confidential advice, or drop us an email and we'll get straight back to you.