If you had a security incident today, how would you deal with it? What steps would you take? Who would need to be involved? Can you manage it in house? Do you have a repeatable, efficient response plan in place?
Over the last decades, organisations have focused on threat protection, threat detection and incident response. But as we lose some control of our computing environment, and as threats become more sophisticated, it’s time to invest in incident response planning.
Most organisations have the technology in place to detect an incident and protect their infrastructure. But incident response is less about technology and more about processes and people – and understanding how to create best practice, repeatable processes to deal with incidents quickly and efficiently.
A recent Global Threat Intelligence Report (GTIR) showed that 74% of organisations using our Incident Response services did not have a functional incident response plan in place.
Most organisations don’t have spare resources waiting to leap into action when an incident occurs. Instead they seek advice from us, as a trusted partner. We’re here to help with both rapid response services and proactive incident response planning. And our experience with clients across the globe means there are very few scenarios that our experts haven’t seen before.
What we do:
Rapid Response service
If you’ve suffered a breach, we’ll help you immediately with guidance, support and technology to deal with the incident and minimise business impact. We’ll deploy a rapid response team and quickly establish a process to deal with the incident. We’ll then contain the cause of the incident and provide support and guidance to resolve it. And we will work with you to create a tactical roadmap of recommendations to reduce risk in the future.
Proactive incident response planning:
It’s safe to assume that your organisation will, at some point, suffer a breach. So incident response planning needs to be part of your business continuity planning.
We’ll help you to create a functional incident response plan which will:
- Define the incident response team along with their roles and responsibilities
- Agree any skill sets that may be required which don’t exist within your organisation
- Define your communications process and plan for effective communication during and after the incident
- Define the criteria to declare when an incident has started as well as when the incident has ended
- Manage all testing to ensure that the process works
There’s a lot more to it than this, of course, but predefining the process will allow the response to start within minutes of the incident being declared.
- Business Email Compromise
- Advanced Persistent Threats
- Malware, keyloggers and backdoors
- Insider threats
- Web application attacks
- Targeted IP theft
- Supply chain attacks