AFTER AN INCIDENT 6. Recovery and Response Plan Update • Complete a thorough forensic analysis of the incident and document all steps taken to eliminate the ransomware or remove footholds the threat actor established. • Confirm that backups remain uncorrupted and don’t contain malicious payloads. Restore affected systems. • Inform all relevant third parties and oversight agencies of the steps taken and the removal of the threat. • Make improvements to company systems based on forensics. • Continue to maintain vigilance. Update security systems regularly and adapt employee training to reflect lessons learned. To learn more, visit business.bofa.com. "Bank of America" and "BofA Securities" are the marketing names used by the Global Banking and Global Markets divisions of Bank of America Corporation. Lending, derivatives, other commercial banking activities and trading in certain financial instruments are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., Member FDIC. Trading in securities and financial instruments, and strategic advisory, and other investment banking activities are performed globally by investment banking affiliates of Bank of America Corporation ("Investment Banking Affiliates"), including, in the United States, BofA Securities Inc., which is a registered broker-dealer and Member of SIPC, and, in other jurisdictions, by locally registered entities. BofA Securities Inc. is a registered futures commission merchant with the CFTC and a member of the NFA. 1. Anderson Economic Group, “Dealer Losses Due to CDK Cyberattack Reach $1.02 Billion.” 2. CDK Global, “The State of Dealership Cybersecurity 2024.” 9
RkJQdWJsaXNoZXIy MTg3NDExNQ==