The term “Cyber Incident Response” refers to the steps or actions performed when a network or system has been comprised or is suspected to be under attack. An incident response looks to evaluate the current situation and the impact of an attack. Following a comprehensive review of your networks and systems, cyber security specialists will outline and implement the most appropriate actions to resolve the situation – from recovery to future prevention, incident response is the real-time solution when preventative measures fail.
The main theme of incident response is about setting up a predefined plan of action to follow when something occurs in terms of Cyber Security. Due to the increasing rate of Cyber Attacks, it is, unfortunately, becoming far more likely to happen to any business.
This means that businesses need to know what to do if the worst happens.
You can think of it like a fire drill in an office. You obviously don’t expect a fire to happen, but if you haven’t practised your responses ahead of time, staff might needlessly panic and end up doing more damage to themselves or the business than the incident could have done alone. Preparation is the main theme here.
The best thing about this is that instead of having a mass evacuation of humans from a building, the software you implement will do all the running around for you in a variety of ways, in a systematic and planned method.
Cyber Security Incident tools can be set up to work in ways that complement your business and working strategy using both manual and automated processes, such as sandboxing threats and the shutting down of ports and access. This is where the Cyber Security Incident Response services come into play.
Whilst there is a variety of functions offered depending on the vendor, most include:
Our IR (Incident Response) service offers both proactive and reactive solutions. The reactive service deals with incident engagements after the fact, whereas the proactive aspect is based around consulting for the purposes of prevention.
As we all know, prevention is better than cure, and the preventative measures available include such efforts as tabletop exercises, IR planning, maturity and readiness assessments alongside the more advanced services which include threat assessments on Active Directory, the network, logs, email, endpoints and threat hunting to provide an accurate map of your territory and the possible attacks vectors.
Any attempted or successful unauthorised access, use, destruction, disclosure or modification of data.
Ideally, you follow the guide within your incident response plan. If you are yet to establish one but have been targeted, see below. If you need help, call our number immediately and we can provide assistance.
The plan is set in place is ready to be followed if you are the target of a malicious attack. This includes the immediate actions to stop the attack as quickly as possible, the steps on who to notify, the remediations and assistance to evaluate what has taken place and allow you to return to normal working order swiftly.
One of our company catchphrases is “Do not reinvent the wheel, just realign it”. Call to have a conversation with one of our expert consultants ready to brief you on the most suitable options for your business, now.
The standard recommendation for a Penetration Test is yearly due to the increasing number of threats and methods attackers have access to, however, it can be as often as monthly if circumstances require.
If you find yourself using Penetration Testing services with a high degree of regularity, we suggest you review the solutions available from RS22 in DAST (Dynamic Application Security Testing) and BAS (Breach & Attach Simulation). These solutions are continuous and prevent many common mistakes occurring.