Eradication & Recovery
Once the attack is contained, your response team will eradicate the infection so that the organization’s day-to-day operations can resume.
But that’s only part of your cyber incident response goal. It’s not enough to prevent monetary loss—which can mount if the breach shuts down a business for an extended period of time. You also need to identify and address the security failure that led to the breach, and implement countermeasures to ensure it won’t happen again.
Recovery is the last step of the incident response process, but it’s not an end. Organizations need to be constantly vigilant, with 24/7/365 monitoring and visibility, to avoid future compromises.