cyber security breach emergency response
THINK YOU’VE BEEN BREACHED?
WE’RE READY TO HELP
INVESTIGATE AND CONTAIN THE BREACH
The first step is always to gain an understanding of the current situation. This will include getting a timeline of key events, identifying the data that has been collected, the steps taken upon discovery, etc.
Recognising that there has been an attack and identifying the cause is vital to containing the damage and nullifying the threat. Attacks are becoming ever more sophisticated, and it is now common practice for one attack to act as a smokescreen for another. Not all attacks are announced or come with ransom notes. Once they get in, attackers tend to stay hidden so they can explore and then exploit whatever vulnerabilities they can find. Even if your team has recognised a specific type of attack, it is essential to investigate whether the vulnerabilities that allowed the attackers access are still there. Using backups to restore systems to a state prior to an attack may still leave an open door for the attackers.
POST BREACH SERVICES
Even if you haven’t engaged with Infosec Partners before, we can still help, regardless of whether you or your service provider have already tried to fix it. Depending on your objectives, we will always start by carrying out a STATE-OF-SECURITY ASSESSMENT, followed by containment of any threats that may still exist. Typically, goals are a combination of:
- Identify data loss
- Recover from the event
- Determine attack vector
- Identify the attacker
- Confirm that there are no other undetected breaches
- Orchestration of staff
- Guidance to management e.g. external communications
Collection of evidence
Using advanced data recovery and forensic techniques, we ensure preservation of evidence to law enforcement standards.
The relevant analysis is carried out depending on the evidence collected and agreed objectives.
Provide management direction
At all stages, management are guided by Infosec Partners on what steps need to be taken, including internal and external communications (our experienced PR partners are able to guide your communications).
Develop remediation plan & Investigation report
Remediation will vary according to the breach type and extent, as well as the size and type of client organisation. The report will contain all parts of the response carried out, as well as recommended actions aimed at preventing other events and minimising the impact of any future events. This report will also help calculate the financial impact, which can be used for regulatory reports and insurance requirements.
Be better prepared for the next attack
Clear lessons have to be identified and learned, and demonstrable actions for improvement must be taken. Of particular importance is your organisation’s strategy for cyber risk management. Is it mature and simply in need of tweaking, or is it significantly lacking and in need of better planning? Not all attacks can be prevented, and the increasing number of attacks means that you’re more likely to need a well-prepared cyber incident response plan (CIRP) and a clear, well-drilled cyber incident response team (CIRT) whose members know their roles and can respond immediately when needed.