Data Breach Investigation

If you have been subjected to a data breach, hacked or compromised, your organisation needs to ensure it takes the necessary steps to mitigate the potential for serious harm that might impact customer data or personally identifiable information before reporting to the Office of the Australian Information Commissioner (OAIC).

 

Identify, Protect, Detect, Respond and Recover

What does a Data Breach Investigation Look Like?

For most organisations in Australia, having a defined incident response framework is something of a luxury. In the event you are breached, Gridware’s incident response consultants can be logged in remotely within minutes to implement our proprietary incident response methodology.

Gridware will immediately assess the extent of the breach, the severity of the incident and the likely impact it will have on the business, including business disruption, financial loss and damage to reputation.

We will also work with your management team and legal counsel to help them determine whether a notification is required under the revised Privacy Act (Commonwealth) regulations relating to the Mandatory Data Breach Notification Scheme. We can also liaise with the relevant law enforcement or any other relevant government authorities such as the Australian Federal Police, the Australian Cyber Security Centre and other bodies.

How we Investigate, Contain and Remediate a Data Breach

Detection & Analysis

Immediately deploy on-site or remotely from our Sydney head office to determine how an incident has occurred. Perform digital forensic analysis of the precursors and indicators of the breach. Report the incident to the appropriate government agency.

Containment

Review if the current steps taken were adequate. Acquire, secure and document evidence. Contain the incident by identifying the source of vulnerability and reducing the impact of serious harm to individuals, employees and stakeholders.

Protect & Recover

Deploy commercial sensors to protect your network during the investigation phase. Determine if the measures taken were adequate. Remove the source of vulnerability or exploit. Repeat detection and analysis to identify other vulnerabilities. Secure systems from further breach. Recover to operationally stable state.

Post-Incident Report

Create a follow-up report, detailing a play-by-play breakdown of the cyber breach. Undertake lessons learned through workshops with IT and management teams. Provide recommendations.

We work with the best

We are proud to have offered our incident response, digital forensics and data breach investigation services to some of Australia’s largest ASX listed and private sector organisations. Our expert cyber forensic team are recognised for their capability and agility in responding to complex cyber breaches internationally.

Why you should choose Gridware for data breach investigations

  • Experience

We are a nationally recognised leader managing hundreds of major data breach investigation engagements.

  • Industry

Our leadership team’s involvement in the industry provides deep and current understanding of risk and threats.

  • Risk Approach

We apply best-practice standards in what we do and take a risk-based approach to ensure information security is addressed holistically.

  • Balance

We employ a variety of experts to ensure any cyber event can be addressed quickly and effectively.

What Does A Post-Incident Response Report Include?

  • High-Level Guidance On:
      • How to recover back to business as usual
      • Understanding your company’s risks
      • Assessing the extent of a breach
      • Determine likely impact and consequence
      • Identify the root cause of a breach
      • Provide your team with technical recommendations to prevent the issue from reoccurring
  • Forensic Investigation Services To:
      • Detail any forensic material identified relevant to the breach
      • Provide guidance on containment
      • Determine the most likely point of entry/root cause
      • Identify the extent of unauthorised access
      • Highlight activities or lateral movements of the threat actor within the target environment
      • Potential exfiltration of data
  • Report and Review:
      • List of findings, root cause and risk rating
      • Timeline of events
      • How the issue was contained
      • Individual forensic analysis reports
      • Recommendations for improvement
      • Overall suggestions to improve security

Data Breach Investigation and Incident Response (FAQs)

A data breach investigation is a process undertaken by cyber security forensic specialists such as Gridware to determine the immediate extent of a ‘hack’, which includes but is not limited to the loss of confidential data to an unauthorised individual or the compromise of a critical set of infrastructure or web applications by a malicious party. The data breach investigation will also determine the impact and consequence of the breach to calculate the financial, reputation or business loss involved.

Containment is the process of limiting and preventing any further damage from occurring as a result of a security incident. The first step should focus on limiting damage as soon as possible – this can be done through network segmentation of infected workstations, taking down production servers or routing all traffic to redundancy/failover servers. Long-term containment should focus on rebuilding clean systems and removing the source of compromise if identified.

The costs of a data breach investigation will vary from organisation to organisation, and are heavily dependent on the amount of resources required to conduct the forensic analysis. The average data breach investigation in Australia will range between 3 – 20 FTE consulting days.

We do provide templates, checklists and sample policies and procedures for download, including sample incident response plans. You just need to contact us.

The length of the investigation depends on the size of the data breach, being the amount of data that has been exposed or leaked, as well as the size of the business and complexity of the business processes. For most organisations, a data breach investigation can commence and be completed in under 7-10 days. In most cases, containment of a data breach can be completed within 1-2 business days depending on many other factors that we would need to assess.

Gridware’s cyber forensic team can begin work on a breach within 15 minutes of being notified. Our capabilities run across our Sydney, Melbourne and Brisbane offices as well as other capital cities, where Gridware’s cyber forensic team can issue an immediate assessment and action plan to contain a breach in under 6 hours. For greater Australia, we have a minimum service level agreement (SLA) target response of 24 hours.

Customer Stories

Gridware has acted for hundreds of companies and helped them recover from potentially disastrous situations. Read about how our services have helped others:
