The recent WannaCry ransomware attack is more proof that it’s just not possible for any organization, regardless of size, to entirely prevent professional cybercriminals from breaching their data networks. There will always be someone out there with the skills and motive to figure out how to penetrate even the most expensive, most comprehensive, most state-of-the-art cybersecurity system. The U.S. Department of Justice has even released a guidance document outlining best practices for developing response plans to an inevitable breach.

Perhaps a good analogy would be to consider home security. You can purchase and deploy the most sophisticated home alarm system available, but it doesn’t prevent a criminal from penetrating that security. If you have a window in your house, it can be broken and your home can still be burglarized. You can board up your windows, but the doors can still be removed and the house can be burglarized. No security system is sufficient to stop a determined criminal.

So here is the question that leaders of all large organizations will likely need to ask of their team one day: Now that a breach has occurred in our systems, what do we need to do to assess the damage and investigate the cause?

There are five key steps that you should take in an aggressive post-incident response to a cyberattack:

1. Go to the Plan: Review your Incident Response plan and make sure that everyone is clear about who is handling which functions, when their deadlines are, and to whom they’re reporting. If you don’t have a clearly defined cyber incident response plan, McKinsey & Co. provides a good explanation of the components you should include.

2. Evaluate your Training: Do an objective assessment of the skills and the training of your internal professionals for the nature of the breach involved so you can determine your expertise gaps. This will allow you to obtain the appropriate level of external assistance you need for the Incident Response.

3. Procure the Tools: Whether you conduct the Incident Response with your own team or with outside assistance, the investigators will need to use the proper software tools to perform an advanced forensic analysis of computers, mobile devices, and network communications, so they can deliver a comprehensive view into exactly what happened and who was involved. You can procure these tools from a digital forensics software company such as AccessData or you can rely on your third-party consulting firm to use the best tools available.

4. Protect the Evidence: One of the key fundamentals to effective Incident Response is preserving evidence collected in the digital forensics investigation. It’s essential that your team is properly trained in the chain of custody that needs to be respected during their response and they use software tools that collect all evidence of cyberattacks in a forensically sound manner.

5. Memorialize the Response: Finally, it’s a best practice to make sure that someone on your Incident Response team is charged with taking very thorough journal notes of all aspects of the investigation into the breach – this includes the actions taken, the dates/times they were taken, the people who were responsible, the results and any follow-up that was necessary. By committing every component of the response to a memorial record, you will be able to learn from what went right and what went wrong, then make appropriate adjustments for the next inevitable cyberattack that requires an Incident Response.

It’s essential for any organization to invest in the best possible cybersecurity system in order to protect themselves against cyberattacks — but don’t be misled … you can’t stop cybercriminals, all you can do is try to make it harder for them and slow them down. A clear Incident Response protocol can help organizations assess the damage from a breach and deal with the problem in a fast, forensically sound manner.