Proper Data Breach Incident Response

We read about data breaches almost daily (think of the recent Hacking Team and Ashley Madison breaches), but most of us do not quite know what happens before the story reaches our favorite news source. How is a breach discovered and handled? Who responds to major data breaches? To begin with, let’s define a data breach: a data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an unauthorized party.

As an executive, the last thing you want to hear is that your organization has been compromised and data has been exfiltrated. Not surprisingly, most organizations do not have a dedicated incident response team – it’s expensive to train and maintain one – and for the majority of the time, there is not a lot of work for it to do. Some organizations try to repurpose their internal IT team to serve this role in addition to its main job focus. This, however, does not usually yield the desired results. Instead, the team is highly ineffective, can handle only some rather basic tasks, and cannot be counted on in critical situations. Even then, although its members might know the procedure in theory, they lack the hands-on experience needed.

At this point, many companies realize the shortcomings of the above-mentioned approach and reach out to highly specialized external teams, such as CyberTeam 6: an elite crew of incident response professionals who have undergone special training and have responded to dozens or even hundreds of data breaches in the past. These teams are on call and ready to be deployed immediately to handle any situation. They are a SEAL Team 6 of the digital realm. The required skill set for effectively responding to a critical situation is very difficult to find because it includes:

  • Working long hours in crisis mode
  • Ability to quickly maneuver
  • Having high situational awareness
  • Providing proper needed guidance to a client in crisis mode
  • Ability to carry out a top-to-bottom command execution and the ability to manage and perfectly organize a team
  • Expert knowledge of the latest hacks and threats
  • Expert knowledge of the latest tools and technology used to combat the threats encountered

Amid the chaos that takes place at a time like this, it’s easy to understand how unprepared organizations crumble under the pressure. We see breaches being handled improperly quite often, and if one thing is certain, it’s that the less prepared you are when responding, the more it will cost you. This holds true for companies of practically any size.

Before the next breach happens at your company, take a moment to ask yourself these two questions: “How prepared is my organization to handle a data breach?” and “How can I ensure that when a breach occurs it will have as little impact as possible?”

The original post can be seen at the CyberTeam 6 website.


CyberTeam 6 is an elite team of highly knowledgeable and experienced incident response professionals. We are ready to assist you with your digital forensics and incident response needs. Being prepared is the best defense when managing a compromised system on your network.