So you’ve discovered your company has been caught in a compromising position - your system administrator starts rambling strange words like "SQL Injection," "BOT Net," and "Buffer Overflow" and other things you don’t quite understand but he looks worried. Real worried. Once he notices the puzzled look on your face, he begins to explain using phrases from a dictionary sized book with a skull and crossbones on the cover, and some pictures of computers inside. And that’s when you realize you need someone to assess what’s happened. You need someone to determine what should be done before too much information is lost, stolen, used, and way before anyone gains access to your most sensitive information. 42 realizes the importance of a quick response to these situations. You need someone to shut down the attackers before they get too far inside your network.
Anytime there is a data compromise there are two things on everyone's mind: how much information was taken, and how long before we are back up? Loss of important intellectual property and getting business back up and running are of extreme importance to any business, but you may find a much greater penalty down the line if the proper steps were not taken to secure proper evidence to validate the extent of the loss. Just fixing the computers without proper data preservation could very easily lead to unanswerable questions when some government official shows up to make sure nothing left the building.
Most states have now enacted laws which require organizations holding personal, insurance, patient, financial, and credit information to notify customers that their information has been compromised. Notification is not an easy thing to do. It is expensive, and can be such a burden that it could even cause a company to go under. Just because your server has been hacked does not mean information was stolen. A proper examination of the compromised systems is necessary in order to determine the extent of the compromise, and without proper evidence you could be caught holding the bag with no way to prove that data wasn't stolen. You need someone to help you through this disaster that will be able to advise you on the reality of any potential notification.
Rapid response is necessary and every minute that goes by is critical. That is why 42 is available around the clock to respond to incidents. Once the engagement begins 42 works with the IT and security staff to prevent any further damage to your organization. Moving forward, 42 will secure any evidence necessary to fully examine the compromise and report on it. Reporting is the mosting important part of the process and is key in preventing future attacks and keeping your company out of legal trouble when the question of data loss and notification arises.