Data Breach Incident Response

Daily news of cyber incidents and data breaches is becoming the new normal.

Enigma Forensics’ cyber security experts are seeing increased demand to help organizations prevent, detect, legally respond to, and mitigate cyber incidents and, most importantly, stop them in their tracks. When a cyber security incident occurs, it is important to preserve critical log files and other data to enable further investigation. Common questions we help answer include:

• When did the incident occur?
• What, if any, information was compromised?
• Was any data exfiltrated?
• Was any personally identifiable information (PII) or protected health information (PHI) compromised, requiring HIPAA or other compliance actions?
• What individuals or organizations were impacted?
• What are our notification responsibilities under the law?
• Does the incident need to be reported to law enforcement?

Our cyber security consultants have leading credentials such as the Certified Information Systems Security Professional (CISSP) certification, ensuring that your investigation is overseen by a qualified cyber expert knowledgeable on how best to respond.

Cyber incidents largely involve:
1) unauthorized access to a system or device and its data, or
2) extraction, deletion or damage to data, or
3) the disruption of availability or integrity of any business operation, or
4) activities causing financial or reputational harm.

In the US, state legislators have created a call to action after a data breach, enacting state data breach notification laws that require notification of the data breach to all those affected. Gathering the facts and evidence about a breach must be as expedient as possible due to the time constraints placed on the breached entity by these laws. Enigma Forensics has the experience and know-how to help you navigate this difficult terrain.

Recently, cyber incidents have been moving beyond data breaches to include hardware-based rootkits, ransomware, business email compromise (BEC) or spoofed emails, distributed denial-of-service (DDoS) attacks, and Internet of Things (IoT) connected device vulnerabilities.

Large organizations with substantial resources, and small to medium-sized businesses with more limited resources and expertise in data and technology, may find themselves unprepared if they do not anticipate a cyber-attack and develop an incident response plan:
1) to implement strong data stewardship (including security, privacy, and risk reduction) through the entire data life-cycle, and
2) to prepare strong, pre-incident rehearsals (including the plan, appropriate team, action steps, and regular training and testing).

Enigma Forensics can help your organization protect its data assets, not only for compliance with the various laws and regulations, but with the goal of reducing your attack surface and the impact of an incident.

We are ready to help you develop a plan to implement the U.S. National Institute of Standards and Technology (NIST) Cyber Security Framework, which includes the following key functions:
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover

It is important to take the time to prepare your plan before an incident occurs, since remediation costs associated with recovering from an incident are much more reasonable when a plan is worked out in advance.

Call Enigma Forensics today at 312-668-0333 or contact us for a complimentary cyber security expert consultation.