Responding when a cyber incident occurs, to mitigate the impact and investigate
When a cyber incident hits your organisation, a rapid response led by experts is vital to minimise the damage. Our CREST certified team of response consultants can assist you during the critical initial phases of an incident, identifying how an incident occurred and working quickly to put in place a strategy to protect your data.
Using forensically sound methodology and a dynamic approach to incident management we manage an incident in its entirety, from technical analysis of a breach through to assisting legal counsel in the preparation of reports.
We understand that communication is key and our team is comfortable operating alongside senior management to provide clear and factual analysis and briefings to inform the important business decisions that need to be made, at every phase of the incident.
We follow our in house incident response plan, which has been developed during the course of our work on high profile cyber incidents and has been certified by CREST.
Our immediate priorities are:
Communication – Establishing a secure channel of communication with the client to make sure that all correspondence is secure until the cause of the incident is established.
Identification – Quickly establishing the origin of the incident and cutting off any unauthorised access.
Preservation – Making sure all evidence is forensically preserved for use in any future claims or proceedings.
Analysis – Establishing how the incident occurred allowing a comprehensive risk assessment to be made on the extent of the incident.
Recommendation – Advising on steps that can be taken to prevent an incident happening again.
Our team is multi-disciplined, with experience in a wide range of cyber incidents, including:
- Phishing – Compromising accounts by 'socially-engineering' users into revealing credentials.
- Ransomware – Malware designed to encrypt files and folders and demand a ransom for a decryption key.
- Denial of Service (DDoS) – When services are taken offline by overloading machines or networks with traffic.
- Internal Theft – When information is stolen by individuals from inside a network.
- Social Engineering – When fraud is committed by impersonating a company or individual digitally or in person.
- Data Loss – When a malicious act destroys or deletes key data from your network.
We can work where required under instruction on behalf of your legal counsel, as well as assist in the process of cyber insurance claims.
Incident Response Retainer
Experts on hand 24/7/365 to deal with any cyber incident that occurs in your organisation, removing costly delays and making sure that an incident is tackled quickly and efficiently.
When an incident occurs deciding who to turn to can introduce unnecessary problems at a time when the response is counted in minutes and hours - not days. Removing this critical delay at the outset of an incident is a core part of our retained Crisis Response Service, giving you peace of mind that, should the worst happen, you know you have the experts to turn to quickly.
We make sure that we engage with each client on our response retainer before an incident occurs, to learn how the business operates and become familiar with its technology. This helps us respond from a position of knowledge so our team can address the incident without needing to undertake a detailed discovery process - responding at speed with no unnecessary delays.