Will your company ever ask this question? Hopefully the FBI does not call you …
As Jim Aldridge from Mandiant says in this youtube video the first thing that will happen is the FBI will call you in a somewhat cryptic manner…
Tell you the systems that were compromised and what systems compromised them. That’s it. If you do not have any SIEM (Security and Information Event Management) systems this information will be of limited value.
Unfortunately a breakin investigation (or forensics in Security terminology) may let you know that the hacker was in your systems for months or even years.
Jim Aldridge listed some good questions:
1. What information was exposed?
2. Do I need to notify regulators or customers?
3. What is the extent of compromise?
4. How much money did I lose?
5. How did the attacker gain entry?
6. How do we effectively stop the attack and remove the attacker?
Of course if you were scanning your systems and revealing vulnerabilities on a regular basis you will likely not get a call from the FBI.