Breaches, incidents and events happen to every company. Seriously, if you don’t believe it, your company has either already put tools and/or processes in place or your team just doesn’t know about the breach. Big companies, like Target and Home Depot, have been victims of credit card breaches. The only remediation actions were initially performed by Bank of America or Chase on behalf of their own credit card customers that shopped at the compromised stores. Companies who are much smaller are also dealing with credit cards in very manual or insecure ways. Even if they don’t take credit cards, these smaller companies still have confidential and/or personal data to protect. Regardless of how little personal data (and most do have some) is kept, these businesses still have websites and proprietary data they want to keep safe.
As a particular practice that we are proud to facilitate, ADHERE has been dealing with breaches, incidents and events since 2002. We know how to guide you through an issue, build a process for you or even build a full blown Security Operations Center (a SOC) if required.
Here’s an example of an engagement. A Costa Mesa company discovered data being sold by one of its own employees. They were stunned and really wanted to know the extent or timeline of their loss. Since it was an internal employee, this investigation (which ultimately ended up in a court of law) had to be performed quietly and without alerting the “leak”. Many legal and forensic practices had to be followed. The customer had to be guided on proper “Chain of Custody” to preserve evidence for court. Someone would ultimately have to present this information in court. Someone had collect the information properly and teach them the process for future. That was ADHERE. In the end they prosecuted, received restitution and had some tools and practices to make sure this didn’t happen in the future. WIN!