Cyber Security Incident Report: How to Report, Methods and Whom to Report To

A cyber security incident can happen to anyone with internet access.

Cybersecurity incidents are becoming more and more common as the population grows and technology advances. Unauthorized access to computer systems and networks, data breaches, social engineering techniques to access sensitive information are just a few of the ways an incident can occur.

The severity of a cybersecurity incident is determined by what was taken, what was changed, or how much damage it caused.

If you believe your company has experienced a cybersecurity incident, it’s important to report it as soon as possible. We will discuss some methods for reporting an incident and who should be contacted in this article!

What is a CyberSecurity Incident?

A cybersecurity incident can be any event that causes harm to the confidentiality, integrity or availability of an organization’s data.

Some examples are theft of customer information from a database, disclosing confidential research findings on social media and attacking computer systems through malware.

The severity of these incidents is determined by what was taken, changed or how much damage it caused.

The severity of the incident is also determined by whether or not there was any malicious intent on behalf of the attacker.

How to report a cybersecurity incident?

Cybersecurity incidents should be reported to the appropriate authorities by following these steps:

– Create a detailed log of what happened, which will help when filing a report. Include information such as IP addresses, data types and times.

– Contact your Network Security Officer (NSO) or IT security specialist for assistance with reporting an incident to authorities.

– Notify law enforcement immediately if the incident involves any of these: a theft, fraud or identity theft; an attack from outside your network that caused harm to your company’s systems and data; or any instance where you believe someone has accessed confidential information without authorization.

Incident reporting is important for small businesses as it helps prepare for and mitigate the damage of an attack.

Where to report a Cybersecurity Incident?

After you have been a witness to a cybersecurity incident, you should report it to one of these authorities:

Your local FBI Field Office

Report cybercrime, including computer intrusions, fraud, intellectual property theft, identity theft, theft of trade secrets, criminal hacking, terrorism, espionage (corporate or foreign), and sabotage to the FBI Field Office below. Report individual instances of cybercrime to the IC3.

FBI Field Office Task Force – http://www.fbi.gov/contact-us/field

Internet Crime Complaint Center (IC3) – http://www.ic3.gov

National Cyber Investigative Joint Task Force

NCIJTF CyWatch 24/7 Command Center: 855-292-3937 or cywatch@ic.fbi.gov

United States Secret Service

Report cybercrime, including intrusions or attacks, transmission of malicious code, password trafficking, or theft of payment card or other financial information

Secret Service Field Offices and Electronic Crimes Task Forces (ECTFs) – http://www.secretservice.gov/contact/field-offices

United States Immigration and Customs Enforcement / Homeland Security Investigations (ICE/HSI)

Report cyber-enabled crime, including digital theft of intellectual property; illicit e-commerce (such as dark-web sites); internet-facilitated proliferation of arms and strategic technology; child pornography; and cyber-enabled smuggling and money laundering.

HSI Tip Line: 866-DHS-2-ICE (866-347-2423) or https://www.ice.gov/webform/hsi-tip-form

HSI Field Offices: https://www.ice.gov/contact/hsi

HSI Cyber Crimes Center: https://www.ice.gov/cyber-crimes

National Cybersecurity and Communications Integration Center (NCCIC)

Report suspected or confirmed cyber-incidents, including when the affected entity may be interested in assistance from the government to remove the adversary, help restore operations, and recommend further ways to improve security.

NCIC: (888) 282-0870 or NCCIC@hq.dhs.gov

United States Computer Emergency Readiness Team: http://www.us-cert.gov

What is a CyberSecurity Incident Report?

A CyberSecurity Incident Report is a report of any incident that disrupts the confidentiality, integrity and availability of an organization’s information assets.

How to Create a Cybersecurity Incident Report?

The Cybersecurity Incident Report is created in the form of an email letter.

A complete report will include the following:

– Information about who you are and why you are reporting this incident, including information on any personal or professional involvement that might affect your position as an observer

– A description of what happened (what was observed)

– Your contact information

– If applicable: the date and time of your observation, where it took place, what you observed (the “impact”)

– The identity of any witnesses or people who can verify what happened.

Remember that other observers may not have the same background knowledge as yourself. It is important that you are clear in your report.

Cyber Security Incident Examples

Here are some examples of cybersecurity incidents that have happened in the past:

• • • • Hackers get into your network and steal information, like usernames and passwords.
      • A virus is introduced onto your computer system from an external source like a USB drive.
      • A website you go to has malware on it that infects your system when you visit and click on certain links or buttons.
      • You get an email with a link in the body of the message, but not in the “subject” line. When clicked, this malicious link downloads software onto your computer that would allow someone to control your system remotely.
      • Someone gains access to a database with personal information from the dark web, where sensitive data is sold and/or traded.
      • A company insider uses their credentials inappropriately or downloads unauthorized files onto an external drive which they then remove without authorization.

What is the goal of Computer Security Incident Management?

The goals of Computer Security Incident Management are to identify, assess and respond to cybersecurity incidents.

These three steps help organizations protect their information assets from harm while minimizing any potential business impacts such as data loss or other damages that could come about due to a security breach.

What is the goal of Cyber Security Incident Response?

The goal of Cyber Security Incident Response is to identify and respond to an incident in a timely manner.

• • • • The first step is the identification of the security breach, often done by using logging software or monitoring systems that detect intrusions into company networks.
      • The second step is assessing the severity of the attack, which can be judged by the extent of unauthorized access to company or customer information.
      • The third and final step is taking steps to minimize any potential business impacts such as data loss, other damages that could come about due to a security breach, etc.

Conclusion

If you’ve just experienced a cybersecurity incident and want to know what the next steps are, we’re here for you! Our team of experts will work with you every step of the way. Whether it’s an IT problem or malware attack on your computers, our cybersecurity experts have seen it all before.

We’ll help you determine whether there is any information that needs to be protected as part of your incident response plan and how much data may need to be restored from backup files in case anything was lost during the attack.

Contact us today if this sounds like something you’ve been struggling with or would like more information about.