First, you have two competing Number One priorities: Stop the current attack (if it's still going on) and prevent a new one; and keep systems fully functional so that sales are in no way impacted. Those two priorities don't play well with each other, and that's what we're exploring in our Guest Column this week on the new McAfee security blog. Conflicts aside, there is a logical sequence of events that retailers need to follow the instant a breach is discovered.
There is no shortage of advice on ways to try and prevent a data breach. But if it happens to you, do you have a plan of precisely what to do after the fact? Very few retailers do. Lots of complicating factors exist, such as the probability that the breach will be discovered many months after it ended, plus the fact that the bad guys will almost certainly have radically altered the logs. But the essential issue is that you have an urgent need to do several things immediately.