Cyber-Incident do's and don'ts

date: Feb 15, 2023
author: Florian Walther and Thomas Langthaler

As a cyber incident response provider, we at CERTAINITY deal with ransomware and other cyberattacks that have devastating effects on the affected organizations. In this blog post, we outline the most important do’s and don’ts when dealing with cyber incidents. Cyber incident response refers to the actions taken by an organization to manage and contain the impact of a cyberattack or data breach. Effective cyber incident response is crucial to minimizing the damage caused by a cyber incident and restoring normal operations as quickly as possible.

Here are some key do’s and don’ts for effective cyber incident response:

DO

  1. Establish a cyber incident response plan: Having a well-defined incident response plan in place is essential for effective cyber incident response. The plan should outline the roles and responsibilities of team members, communication protocols, and the steps to be taken to contain and mitigate the impact of a cyber incident.

  2. Assemble a cyber incident response team: It is important to have a dedicated team of individuals with the expertise and skills to manage a cyber incident. The team should include IT and security professionals, as well as representatives from other departments such as legal, HR, and public relations.

  3. Identify and contain the incident: The first step in managing a cyber incident is to identify what has happened and determine the extent of the impact. This includes identifying the source of the attack and any vulnerabilities that were exploited.

    The next step is to contain the incident by taking steps to prevent further damage, such as disconnecting affected systems from the network and activating any security controls that may have been triggered.

  4. Communicate effectively: Effective communication is critical during a cyber incident. This includes informing the appropriate parties within the organization, as well as external stakeholders such as customers, partners, and law enforcement. It is important to keep everyone informed of the situation and any actions taken to address the incident.

  5. Conduct a post-incident review: Once the incident has been contained and resolved, it is important to conduct a thorough review to identify any lessons learned and to make any necessary changes to the incident response plan or security protocols. This will help prevent future incidents and improve the organization’s overall resilience to cyberattacks.

DON’T

  1. Don’t panic: It is important to stay calm and focused during a cyber incident. Panic can lead to poor decision-making and may exacerbate the situation.

  2. Don’t delay in taking action: Time is of the essence during a cyber incident. The longer an attack goes undetected, the more damage it can cause. It is important to act quickly to contain and mitigate the impact of the incident.

  3. Don’t ignore legal and regulatory requirements: It is important to be aware of any legal or regulatory requirements that may apply to the organization’s response to a cyber incident. This may include reporting requirements to law enforcement or regulatory agencies.

  4. Don’t forget about the human factor: Cybersecurity is not just about technology. It is also about people. It is important to consider the impact of a cyber incident on employees and to provide support as needed. This may include offering counseling services or other forms of assistance to help employees cope with the aftermath of an attack.

  5. Don’t pay ransom: Payments fuel the criminals’ business model. If you find yourself in the unfortunate situation of being forced to pay, don’t try to negotiate the ransom on your own. Seek help from an experienced professional negotiator.

In conclusion, effective cyber incident response requires a well-defined plan, a dedicated team of experts, and quick action to contain and mitigate the impact of an attack. It is also important to communicate effectively, adhere to legal and regulatory requirements, and consider the human factor.

By following these do’s and don’ts, organizations can minimize the damage caused by a cyber incident and restore normal operations as quickly as possible. Nevertheless, we strongly recommend quickly seeking professional help from an experienced incident response provider in the event of a cyber incident.

If you are facing an ongoing cyberattack and need urgent support from subject matter experts, please contact our CERT by e-mail at csirt@certainity.com or call:

CERTAINITY Incident Response Hotline:
 AT: +43 664 888 44 686
 DE: +49 800 237 82 46
 Europe: +43 664 888 44 686

Stay safe.