The first step is to assemble the incident response team. This team includes the technical staff who will examine the breach, HR and employee representatives, legal and intellectual property professionals to help limit the impact on the company's brand and recover information that may have been stolen, data protection professionals, and public relations representatives. The second step is to establish the scope and severity of the malware attack. This entails investigating the facts surrounding the breach and its effects: collecting everything available on the incident (host, network and authentication logs, endpoint telemetry, and the malware sample itself) and analysing it. The analysis identifies the entry point, the indicators of compromise, and the breadth of the breach, that is, which hosts, accounts and data were affected.
The step that follows involves containing the breach and minimizing the risk. Containment stops the malware from spreading; eradication then removes the threat entirely (Thompson, 2018). Containment entails disabling network access for computers suspected of being infected (so as to quarantine them) and applying security patches to close the vulnerabilities the malware exploited. Passwords must also be reset for users whose accounts were compromised, since any credential used on an infected machine should be assumed stolen. In addition, affected systems must be preserved for later forensics by imaging their disks and, where possible, their memory before they are patched, rebooted or wiped, because memory-resident malware and evidence of live connections do not survive a reboot.
Another step pertains to the recovery process. This is where infected files are removed and clean copies are restored from backups that are verified to predate the infection, so that the malware is not reintroduced. It is important to minimize recovery time as much as possible so as to prevent further damage (Thomas & Stoddard, 2012); this can be achieved by having the incident team work around the clock to eliminate the threat and by monitoring the restored systems for any sign that the infection has returned. The last step is to use the incident to identify areas for improving the current Information Security Incident Response plan. The improvements can then be added to the documentation.
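The scoping and containment steps above can be made concrete with a small triage script. The following is an added example written for this page, not code from the essay or from either cited book. It assumes a simple syslog-style line format (timestamp, host, user, action, then key=value fields), a constructed list of indicators of compromise, and constructed log lines; the dropper hash and the command-and-control address are placeholders, with the latter taken from the 203.0.113.0/24 documentation range. The script derives the entry point and breadth of the breach from the logs, builds a containment plan in which evidence is preserved before a host is isolated, and hashes preserved artifacts so their integrity can be proven later.

```python
"""Malware incident triage helper (added example, not the essay's own code).

Assumes constructed log lines of the form
    <ISO-8601 timestamp> <host> <user> <action> key=value ...
and a constructed IOC list. A real team would feed it EDR, proxy and
authentication logs and an IOC list from the malware analysis.
"""
import hashlib
from collections import namedtuple
from datetime import datetime, timezone

Event = namedtuple("Event", "ts host user action fields")

# Constructed indicators of compromise for this example only (not real IOCs):
# the hash of the dropper and the address it beacons to.
IOCS = {
    "sha256": {"deadbeef0001"},
    "c2": {"203.0.113.45"},
}

# Constructed log lines: two hosts run the dropper and beacon to the C2;
# ws-042 runs an unrelated binary and talks to an unrelated address.
SAMPLE_LOG = r"""
2024-03-04T08:12:05Z ws-017 alice EXEC sha256=deadbeef0001 path=C:\Users\alice\Downloads\invoice.exe
2024-03-04T08:12:40Z ws-017 alice NET dst=203.0.113.45 port=443
2024-03-04T09:30:11Z fs-02 svc-backup EXEC sha256=deadbeef0001 path=D:\share\update.exe
2024-03-04T09:31:00Z fs-02 svc-backup NET dst=203.0.113.45 port=443
2024-03-04T10:02:17Z ws-042 bob EXEC sha256=cafebabe0009 path=C:\Tools\app.exe
2024-03-04T10:15:44Z ws-042 bob NET dst=198.51.100.7 port=443
"""


def parse_line(line):
    """Split one log line into an Event; trailing key=value pairs become a dict."""
    ts, host, user, action, rest = line.split(maxsplit=4)
    fields = dict(tok.split("=", 1) for tok in rest.split())
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Event(when, host, user, action, fields)


def match_iocs(ev, iocs=IOCS):
    """Return the indicators an event matches (empty list if none)."""
    hits = []
    if ev.action == "EXEC" and ev.fields.get("sha256") in iocs["sha256"]:
        hits.append("sha256:" + ev.fields["sha256"])
    if ev.action == "NET" and ev.fields.get("dst") in iocs["c2"]:
        hits.append("c2:" + ev.fields["dst"])
    return hits


def scope_incident(log_text, iocs=IOCS):
    """Establish scope: earliest matching event is the entry point; the set of
    matching hosts and accounts is the breadth of the breach."""
    events = sorted((parse_line(l) for l in log_text.strip().splitlines()),
                    key=lambda e: e.ts)
    matched = [(e, match_iocs(e, iocs)) for e in events]
    matched = [(e, hits) for e, hits in matched if hits]
    if not matched:
        return {"entry_point": None, "hosts": [], "accounts": [], "indicators": []}
    first = matched[0][0]
    return {
        "entry_point": {"host": first.host, "user": first.user, "ts": first.ts.isoformat()},
        "hosts": sorted({e.host for e, _ in matched}),
        "accounts": sorted({e.user for e, _ in matched}),
        "indicators": sorted({h for _, hits in matched for h in hits}),
    }


def containment_plan(scope):
    """Ordered containment actions. Evidence is preserved (memory and disk
    imaged) before a host is isolated or rebooted, because memory-resident
    malware and live C2 sessions do not survive a power cycle. Every account
    seen on an infected host is treated as exposed and gets a credential reset."""
    plan = []
    for host in scope["hosts"]:
        plan.append(("preserve", host))
        plan.append(("isolate", host))
    for account in scope["accounts"]:
        plan.append(("reset-credentials", account))
    return plan


def evidence_manifest(artifacts):
    """Hash each preserved artifact (name -> bytes) for chain of custody."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in artifacts.items()}


def verify_manifest(artifacts, manifest):
    """True only if the same artifacts are present and none has changed."""
    if set(artifacts) != set(manifest):
        return False
    return all(hashlib.sha256(artifacts[n]).hexdigest() == h for n, h in manifest.items())


if __name__ == "__main__":
    scope = scope_incident(SAMPLE_LOG)
    print("scope:", scope)
    for action, target in containment_plan(scope):
        print(f"{action:18} {target}")
    # Constructed stand-in for a captured memory image.
    images = {"ws-017-mem.raw": b"constructed memory image bytes"}
    print("manifest:", evidence_manifest(images))
```

Run on the constructed log, the script reports ws-017 (user alice, 08:12:05Z) as the entry point and fs-02 as the second affected host; ws-042 is left out because neither its binary hash nor its destination address is on the indicator list, which is the kind of false-positive check the scoping step has to get right before anyone is quarantined.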
Thomas, T. M., & Stoddard, D. (2012). Network security first-step. Cisco Press.
Thompson, E. C. (2018). Cybersecurity incident response: How to contain, eradicate, and recover from incidents. Apress.