A startup company has recently experienced a major cyber-attack which has hampered their daily operations. While they have backup measures in place, there's no proper incident response blueprint. In such a dire situation, what should be their IMMEDIATE course of action?