Practice of Law

Responding to a Cyberattack

What do you do when you or your client is the victim of a cyberattack, i.e., an attack on the victim's computer system or network? The question is increasingly pressing: a RAND Corporation study finds that the frequency of cyberattacks on American companies is increasing, with the average hacker attack costing about $500,000. Because cyberattacks usually occur without warning, leaving website operators insufficient time to assess and respond to the situation, you need to have a plan in place before any attack occurs. Any response plan for a cyberattack should focus not only on getting the system back up and running but also on preserving evidence for possible use in a later civil or criminal case. Here’s a general outline of actions to consider if a hacker attack or other network disruption occurs:

  • Make contact. Contact legal counsel, local law enforcement, any applicable insurance carriers, and the website host or internet service provider. Also, if unencrypted personal information is maintained on the website, be sure to comply with CC §1798.82 and notify all those affected.
  • Assess the damage. Take stock of physical damage to hard drives or electronic files and assemble evidence of any damage, including evidence that the attack compromised trade secrets or confidential proprietary information. Assess any damage caused by network downtime and impairment of service availability to customers.
  • Track costs. Keep track of the costs of all remedial work undertaken and expenses incurred as a result of the attack, including the cost of hiring third-party consultants, loss of productivity, and lost profits. Don’t forget any hardware and software costs.
  • Preserve evidence. Back up and then isolate the computer or server accessed in a secure location to preserve any clues to the intruder’s identity. Shut down or reconfigure the system if possible so that it does not run utility programs automatically. Automated maintenance or utility programs can delete and recycle data on a hard drive, and potentially destroy evidence automatically.
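
An added example, not part of the original post or the CEB checklist: one way to make the "back up and isolate" step verifiable is to record a SHA-256 hash of every preserved file at collection time and re-check it later, so that deletion or alteration by an automated utility is detectable. The function names, the examiner label and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large disk images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, examiner):
    """Record the hash and size of every file under root at collection time."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = {"sha256": sha256_file(full),
                          "size": os.path.getsize(full)}
    return {"collected_utc": datetime.now(timezone.utc).isoformat(),
            "examiner": examiner, "files": files}

def verify_manifest(root, manifest):
    """Compare the evidence copy with its manifest: (missing, altered, added)."""
    recorded = manifest["files"]
    current = build_manifest(root, manifest["examiner"])["files"]
    missing = sorted(set(recorded) - set(current))
    added = sorted(set(current) - set(recorded))
    altered = sorted(p for p in set(recorded) & set(current)
                     if recorded[p]["sha256"] != current[p]["sha256"])
    return missing, altered, added

def demo():
    """Constructed evidence set, then a simulated maintenance job touching it."""
    sample = {"logs/auth.log": b"constructed auth log line\n",
              "logs/access.log": b"constructed access log line\n",
              "disk.img": b"\x00" * 4096}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "logs"))
        for rel, data in sample.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, "examiner-placeholder")
        os.remove(os.path.join(root, "logs", "access.log"))       # file deleted
        open(os.path.join(root, "logs", "auth.log"), "wb").close()  # file truncated
        return verify_manifest(root, manifest)
```

Store the manifest separately from the evidence copy so that whatever changes the files cannot also rewrite the recorded hashes.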

For the complete checklist on responding to a cyberattack, go to §18.23 of CEB’s Internet Law and Practice book.


© The Regents of the University of California, 2010. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.

4 replies on “Responding to a Cyberattack”

Here are some things people need to think about before they are hacked:

1. Are your network and computers properly configured to collect evidence? Hackers know how to delete log files and their tools once they’re done with their dirty work. Make sure when the forensic team shows up, you have something to give them other than a blank stare.

2. Is your network architecture secure? Confidential and proprietary information should not be on a network that has Internet access. Compromise is inevitable and unavoidable, so be sure to plan for worst-case scenarios.

3. What information is being stored on laptops and desktops in publicly accessible areas? If a hacker decides to steal your hardware (physical break-in, social engineering, etc.), what information will be compromised? Should that information even be stored in publicly accessible areas?
