First Step After You’ve Been Hacked? Call the Feds

Written By
SP
Sue Poremba
Apr 6, 2015
If your system has been hacked, what would your first reaction be?

Speaking for myself, I think I would want to know who did it and figure out how it was done. That’s my personality, to learn the who, what, and why of a situation first, and then focus on the damage control. I suspect that this is human nature for a lot of people, too.

On the other hand, when I asked that question to a security professional during an informal conversation, his response was this: Find out what information was hacked and determine whether the FBI needs to be involved immediately. You have to figure the data had already been compromised, he said, so you’ve got to work on minimizing the damage.

According to Edward J. McAndrew, assistant United States attorney and cybercrime coordinator with the U.S. Attorney’s Office in the District of Delaware, and Anthony DiBello, director of strategic partnerships for Guidance Software, the security professional I spoke with is on the right track. When a hack happens, it is important to resist human nature regarding the hacker (at least immediately). Instead, you want to focus on mitigating damage and data loss and providing information to law enforcement so the cops can identify and take action against the bad guys.

Contacting law enforcement doesn’t seem to be a priority during the immediate post-breach phase. For instance, Digital Guardian asked dozens of security professionals what steps to take after a data breach. Granted, a breach doesn’t necessarily mean the network was hacked – it could have happened via a lost cellphone or laptop – but I found it interesting that contacting law enforcement was not included in the comments, not even in the most detailed responses of action steps to take. If your company suffered another type of break-in or property loss, that would be the first step. So why isn’t it a priority when data is compromised or stolen?

It could be that we still haven’t reached the point where we consider electronically stored information in the same way we consider physical property, although I do think that is changing. It could also be a cultural or territorial thing – IT staff not wanting to admit or be held responsible for a hack happening under their watch. Or it could simply be that there is no protocol in place for how or when to report a hack to law enforcement. So McAndrew and DiBello have compiled the information that helps the authorities find cyber criminals, noting that these tips will also depend on the type of incident and other factors. But overall, it is a starting point for IT and security staff to create an incident reporting protocol if none is in place. The tips include:

  • Identify, and provide contact information for, the individuals responsible for the various components of incident response (legal, IT, senior management, outside consultants, etc.).
  • List information about discovery of the incident and the steps taken since the discovery of the incident.
  • Compile information relating to past incidents that may be related to the current incident.
  • Share information about past contact with law enforcement agencies about other incidents. [This can allow us to quickly cross-reference historical information.]
  • Provide identification of the information systems and components involved and their locations.
  • To the extent they can be shared, give results (even partial) of internal investigative reports or forensic examinations conducted by non-law enforcement personnel regarding the incident.
  • Identify signatures for detected malware, spyware and the like.
  • Prepare system logs (DNS, servers, etc.) relating to the incident.
  • List IP addresses and other external identifiers believed to be involved in the incident.
  • Provide network maps, locations and data flows relating to the incident, including vendors and cloud service providers.
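As an added example (my own code, not from the article or from McAndrew and DiBello), here is a small Python script that turns the checklist above into a report manifest for the reporting protocol the article recommends: it flags sections that are still unfilled, hashes attached logs so the receiving agency can verify they were not altered in transit, and sorts external identifiers into IP addresses, domains and unrecognised values. The section keys, sample incident and log line are constructed for the example.

```python
import hashlib
import ipaddress
import re

# The checklist items above, as the sections a report package must carry.
REQUIRED_SECTIONS = (
    "contacts", "discovery_timeline", "related_past_incidents",
    "prior_law_enforcement_contact", "affected_systems", "internal_findings",
    "malware_signatures", "system_logs", "external_identifiers", "network_maps",
)
DOMAIN_RE = re.compile(r"^([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def sha256_hex(data: bytes) -> str:
    """Fingerprint evidence so the receiving agency can verify it was not altered."""
    return hashlib.sha256(data).hexdigest()

def classify_identifier(value: str) -> str:
    """Return 'ip', 'domain' or 'unknown' for one external identifier."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "domain" if DOMAIN_RE.match(value) else "unknown"

def build_report_manifest(incident: dict) -> dict:
    """Hash log evidence, classify indicators and list sections still missing."""
    return {
        "missing_sections": [s for s in REQUIRED_SECTIONS if not incident.get(s)],
        "log_evidence": [{"name": n, "sha256": sha256_hex(c), "bytes": len(c)}
                         for n, c in incident.get("system_logs", {}).items()],
        "external_identifiers": [{"value": v, "kind": classify_identifier(v)}
                                 for v in incident.get("external_identifiers", [])],
    }

# Constructed sample incident; two sections are left unfilled on purpose.
SAMPLE_LOG = b"2015-04-01T02:13:07Z dns query host1 -> example.test A\n"
SAMPLE_INCIDENT = {
    "contacts": {"legal": "counsel@example.test", "it": "soc@example.test"},
    "discovery_timeline": ["2015-04-01 alert fired", "2015-04-01 host1 isolated"],
    "affected_systems": ["host1 (HQ, rack 3)"],
    "internal_findings": "partial forensic report attached",
    "malware_signatures": ["constructed-sig-0001"],
    "system_logs": {"dns.log": SAMPLE_LOG},
    "external_identifiers": ["203.0.113.7", "example.test", "not an indicator"],
    "network_maps": ["hq-dataflow.pdf"],
}

if __name__ == "__main__":
    print(build_report_manifest(SAMPLE_INCIDENT))
```

Running it on the sample reports the two unfilled sections and the unrecognised identifier, which is exactly the gap list to close before the package goes to law enforcement.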

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
