Cyber-attacks are inevitable to any business. But during a cyber-attack incident, there is no time to waste. Just like a 911 call, your cyber-security partner should start providing immediate remote support upon notification to assess the gravity of the incident and work to contain it.
How prepared is your business to handle a cyber incident or defend against a cyber-attack? Here are your key steps to preparing a robust incident response capability:
1. Preparation (Pre-Incident)
- Incident management Framework design & built
- Incident response checklists and procedures
- Incident testing & War Room simulations
- Security Assurance & Risk Management
- Cyber Security Insurance & Incident Response Retainer
2. Identify
- Initial incident assessment checklist
- Confirm incident severity
- Assemble Crisis Management Team (CMT)
- Identify key internal and external stakeholders & Confirm communication frequency & medium
- Liaise with / engage Public Relations and Legal functions early and as required
- Provide regular communications & updates to key stakeholders
3. Contain
- Identify containment options to mitigate business impacts
- Targeted intervention for affected systems
- Removal & replacement of systems when required
- Confirm success of containment & increased monitoring
- Continue regular communications & updates to key stakeholders
4. Investigate
- Collection of evidence
- Forensic investigation to determine root cause(s)
- Continue regular communications & updates to key stakeholders
5. Eradicate
- Planned removal and mitigation of attack vectors
- Continue regular communications & updates to key stakeholders
6. Recover
- Confirm eradication
- Continue regular communications & updates to key stakeholders
7. Improve
- Detailed post-incident report & presentation tailored to specific executive, business and technical audiences
- Conduct risk assessment to identify similar exposures
- Define mitigation activities to prevent recurrence.
Privasec consultants have years of experience in helping organisations prevent, prepare and manage security incidents to protect their businesses. Whether you have just experienced an incident, or are planning your resilience strategy, our expert cybersecurity team can help you plan your resilience, manage your incident and recover to avoid recurrence. Privasec Incident Response services include but are not limited to:
- Emergency Incident Response: Get immediate support and guidance at the drop of a hat when you need it most. Just like calling 911 or 000 for help. Our Emergency Response line is available 24/7.
- Incident Response Retainer: Get guaranteed immediate access to our most senior responders 24/7. Save time and money by establishing a defined and agreed engagement plan to ensure no time is wasted.
- Digital Forensics: Our skilled forensic investigators collect preserved evidence to investigate the causes and consequences of the incident. We maintain a chain of custody and can testify in court.
- Recovery guidance & Recurrence Prevention: We provide security expertise through the recovery of business services to ensure that new systems do not introduce further vulnerabilities.
- Post Incident Assessment: Assess a particular incident and its response to provide an accurate statement of events, identify similar risks and ensure that recurrences are prevented.
- Drone Intrusion Response: We respond to drone intrusion, payload delivery and attacks and help mitigate the threat of unidentified UAS and drones. Privasec’s specialised company, DroneSec provides drone and counter-drone hacking, incident response and forensic services.
- SCADA & ICS Incident Response: As SCADA and ICS ethical hackers we know the criticality, sensitivity and cost of ICS incidents. We leverage years of experience as ICS engineers and testers to lead ICS operators to a prompt containment and recurrence prevention.
Privasec consultants have years of experience in helping organisations prevent, prepare and manage security incidents to protect their businesses. Whether you have just experienced an incident, or are planning your resilience strategy, our expert cyber security team can help you plan your resilience, manage a live incident and recover from it or provide advice on how to avoid a recurrence. Call T(AU): 1800 996 001, T(NZ): 222 4725, T(SG): 6631 8375 or email [email protected] to know more.