Incident Response Now Shaping Security Operations is now shifting to responding to the inevitable security incident or data breach. You need a designated incident response team — either in-house or for hire — in charge of stepping in when an attack gets detected. Most organizations, even those with IR teams, make mistakes in the aftermath of an attack. The biggest mistake organizations make when they start to respond to an attack is to shut down the infected machine in hopes of shaking the bad guys and preventing any further spread of malware.”]
Source: https://www.darkreading.com/attacks-breaches/what-not-to-do-in-a-cyberattack