

Ask HN: What should companies do if they are hacked? - suhail

Out of curiosity, I thought I'd quiz HN on how you think companies should handle these situations that keep occurring?

Please comment below! =)
======
Theory5
Companies should already have in place a set of well-defined, easy-to-follow
procedures for identifying, containing, and removing threats to the network.

If the network has been breached you may be required to notify users,
depending on what kind of data is stored on the network (such as personally
identifiable information) and the laws your company operates under.

Most large companies keep response teams on hand for exactly this sort of
issue, and medium/small companies should at least have a set of procedures and
information security operatives who can figure out how the network was
breached, what happened when the attackers were inside the network, and what
(if anything) was removed, added or altered (i.e. exfiltration).

EDIT: I did not see the 2nd part of your question.

In the case of a reoccurring event, the attackers may have installed a backdoor
somewhere on the network, stolen passwords or credentials, or may even be a
disgruntled employee.

In this case it is the job of the information security department to find this
breach, be it internal or external, and ensure that the breach cannot be
repeated. Proof-of-concepts can help in ensuring that the backdoor or breach
has been fixed.

------
csdreamer7
Depends on how they break your system. If it's by a well known 0day I would
think you should secure your systems and give public notice. If it's by an
unknown method and you trace it through a piece of software I'm not too sure.
Many vendors like Oracle have a horrible track record of patching
vulnerabilities until they become public.

I believe California requires notice within 30 days if it affects any
California users.

------
professorTuring
I believe that your best option is to contact your corresponding CERT.

They will provide you a little help managing the situation.

This is the US Cert: <http://www.us-cert.gov/>

* Depending on the State (or Country) there might be legislation on how to act when you have been hacked or you have a security breach.

