Reactive Services when Security Breach Occurs

Data Security Breaches, Cyber Intrusions, and Hacking are occurring in organizations around the world on a daily basis. Many IT Departments respond to data breaches with the primary goal of identifying the breach exploit and stopping any real-time data loss.

Did You Know…
The average cost
per data breach
is $150 per record
x (times) the number of records
in your system!

Rarely, however, does this type of data breach response ever answer critical issues regarding the trustworthiness of key players, the scope of damage, the restoration of the organization’s reputation, defense against criminal or civil actions brought to the organization to recover damages by customers, shareholders, suppliers and other stakeholders, or the documentation and substantiation of an insurance claim.

In fact, many times the security breach incident response protocols used to stop the data loss destroy valuable artifact evidence.

To comprehensively resolve a data breach with immediate incident response, Vestige’s Forensic Data Breach Response Service is ready and experienced at being parachuted in to :

  • Stop data loss
  • Investigate the data breach
  • Assess to understand the scope of the data breach
  • Support your company’s legal position to respond to anticipated litigation and downstream liability issues
  • Validate trusted relationships
  • Restore public and private confidence in your processes and personnel

As Easy As 1-2-3

Vestige’s experience solving data breach issues runs deep as we bring availability, responsiveness and speed to provide resolution to time critical data security issues. If your organization has had valuable information already compromised due to a cyber attack or data breach — Vestige can help with a data breach response in three easy steps.

The first step in Vestige’s comprehensive data breach support is assisting your in-house IT professionals to stop the real-time data loss while Vestige’s digital forensic experts identify and preserve vital artifacts and sources of information.

Artifact Preservation Details
Vestige’s Preservation forms the basis for our Artifact Analysis and for your organization’s repair and restoration strategy, including legal and/or criminal action against or from third parties, if any. Vestige’s digital forensics professionals are unique in their proficiency of providing expert court testimony in support of all aspects of Artifact Preservation.

  • Legally defensible identification and preservation of relevant devices (servers, workstations, routers, firewalls, etc.) are processed using proper chain of custody protocols
  • Collection and analysis of memory (RAM), log files artifacts and data from affected system(s)
  • “Lock down” systems to prevent manipulation
  • Analysis and assistance to the legal team with Breach Notification Laws to determine organization’s duties

In the second step, Vestige’s digital forensic experts analyze the preserved artifacts and form Expert opinions regarding critical components of your repair and restoration strategy.

Artifact Analysis Details
Step 2 will address the following pertinent questions and issues:

  • Can the data breach be traced to an identifiable third party?
  • Is there sufficient artifact and content evidence upon which to base a civil or criminal action against an identifiable third party?
  • Have any key players or trusted business advisors intentionally or negligently created the opportunity for the data breach?
  • What is the scope of notification based upon analysis of the breach exploit?
  • What damage occurred that is or may be within the scope of insurance coverage?
  • What system and local machine artifacts are critical to support an insurance claim and to prove the state of the system at the moment of data exploit?
  • What certifications/assurances can be made by Vestige as part of a coordinated repair of reputation and restoration of confidence?
  • Malware identification, analysis and removal
  • Identification of attack vector
  • Removal/cracking of passwords, if necessary, to provide access to financial systems
  • Recovery of deleted information
  • Assessment of damage
  • Vestige’s Artifact Analysis is frequently the subject of strategy advisement with General Counsel and/or outside counsel

In the final step of our data breach incident response, Vestige’s Artifact Analysis is used to strategize a plan to repair and restore confidence in your organization’s business processes and personnel. Common restoration program includes Vestige’s Assessments of key IT systems to provide official certification that the systems are compliant with standards, and/or that internal controls operate in accordance with written protocols. Where applicable, your company’s repair and restoration strategy may also include Vestige providing critical electronic evidence to your legal team, regulatory and/or law enforcement agencies. Learn more about our data breach response services today.

Repair & Restoration Details
Scope can be customized to meet organizational needs and generally includes:

  • Conduct a review of the entire IT environment and system controls
  • Make recommendations for stopping the breach and securing the organization’s environment. Vestige provides analysis from a neutral, unbiased, third party which may be officially required in matters such as data breach
  • Repair, restore and secure your organizations IT environment, provide implementation of improved controls, and provide an effective plan to prevent future data breaches.
  • Development and implementation of written Incident Response Plan to mitigate the effects of any future breaches (Recommended Option)
  • Network Penetration Testing / Perimeter Security Assessment of your IT environment (Recommended Option)
  • IT General Controls Audit (Recommended Option)

For Proactive CyberSecurity Solutions

Click here for more information on Vestige’s PROACTIVE CYBERSECURITY SERVICES.

Contact Us today for more information on proper data breach response steps and to discuss how Vestige can assist with your cyber security incident response needs.