Effective data breach identification and recovery
Intrix Cyber Security conducts data breach investigations on behalf of organisations that believe cyber threats may have compromised application or network data. Working together with an company’s IT staff, the Intrix Cyber Security team will develop a comprehensive data investigation and recovery plan that:
- Investigates and confirms whether a data breach occurred
- Details the severity and type of any data loss
- Identifies the source of the breach
- Recovers data and restores data integrity
- Strengthens systems including closing any security gaps
- Reports the extent of the breach and recovery efforts
- Provides evidence to assist with insurance claims, criminal prosecution and regulatory requirements
For a confidential discussion concerning a possible cyber incident and subsequent data breach, contact Intrix Cyber Security on 1300 931 727.
What are data breach investigations?
Data breach investigations analyse an organisation’s application and network data to identify cyber security incidents. Once determined a data breach has occurred, investigators will seek to establish its cause and implement any necessary remedies. The objective of a data breach investigation is to answer these questions:
- Did a data breach occur?
- How severe, and what is the extent of the data breach?
- Which application or network data type was compromised?
- Are there any remaining threats that require to be isolated and eliminated?
- Is the breach indiscriminate, accidental or targeted?
- Who is responsible for the breach (if possible) and what is their motive?
- How to prevent future breaches and close security gaps?
Investigators will provide a report outlining recommended remediation works, appropriate steps to prevent future breaches and evidence for compensation claims.
Why should your organisation undertake a data breach investigation?
Cyber security incidents that compromise critical and sensitive data can result in significant financial loss and reputable damage. Malicious attacks usually focus on the theft of customer, employee and company data including personal identification, health and financial records, intellectual property, business intelligence and commercial agreements.
As a result customers, employees and suppliers all can become unsuspecting targets of the same malicious actors that executed the original cyber attack. Undetected data breaches may lead to:
- Additional cyber attacks that render an organisation unable to function
- Loss of competitive advantage due to data leakage of intellectual property and business intelligence to competitors
- Supply chain disruptions as suppliers investigate and mitigate their own cyber risks and attacks
- Customers experiencing identity theft and fraud after personal data is sold on the dark web
Data breach investigations allow investigators to take immediate action to identify and isolate current threats. It enables an organisation to:
- Implement recommendations provided by investigators
- Prevent and mitigate future cyber incidents ensuring business continuity
- Re-instill customer and employee confidence
- Seek compensation through insurance claims and legal action
Which types of incidents require a data breach investigation?
Cyber security specialists should be employed to investigate data breaches for the following incidents:
- Hacking attempts and intrusions with the intent to take over and/or disable networks, access accounts or identities, steal trade secrets and/or intellectual property or delete data
- Phishing, brute-force access, virus and ransomware attacks
- Office 365/Cloud service breaches involving mismanaged credentials or sophisticated user identity password and permissions-based targeting
- Self-propagating extortion attacks including ransomware, malware and virus outbreaks
- Code injection attacks and crypto-jacking where code is stored on computers, websites, servers, etc. to perform unauthorised tasks including crypto-mining
- Suspected insider threats or thefts involving internal staff accessing, compromising, sharing or selling data
- Human error or accidental exposure over the internet leading to leakage of sensitive or protected data
- Data lost in transit due to copying on external devices, or due to failure to appropriately dispose of, or clean decommissioned data carrying devices