Incident Response

Disaster recovery readiness

Security incidents can happen without warning, and some go undetected for long periods of time.

Organisations can struggle to identify incidents. This is often because they work in silos, or because those responsible for identifying and dealing with threats are overwhelmed by the volume of alerts and noise.

All of this slows an organisation's incident response and reduces its effectiveness.

Planning for an incident

Organisations need to develop and implement appropriate activities to take action when they detect a cyber security incident.

You should have a response plan that will help to effectively communicate, contain and analyse an incident. And you should use what you learn during an incident to improve future response plans.

When something happens

When something happens, you need to forensically understand the threat and how it was able to get into the network. This means reviewing historical event logs, which will help to provide information about the source of the threat and how it spreads.

It is often helpful to compare asset states from before and after an incident. This is an effective technique to ensure you can identify and manage all traces of the adversary, as well as understand potential improvement opportunities.

Tailor-made, consultative support

We help to protect organisations by supporting them with their ICS-defined incident response plans, helping to ensure the right mitigations are in place and clearly identifying who is responsible for coordinating when an incident happens. This helps to reduce downtime and the severity of an incident.

We provide tailor-made assessments that take a dynamic and consultative approach.

We know what being prepared looks like, and we can evaluate your current cyber incident response plan, research your environment, evaluate your response capabilities, and help to identify gaps.

We strive to ensure that risks are mitigated and the correct measures are in place.

We will work with your organisation to identify the applicable Industrial Control System (ICS) assets to conduct a risk assessment and highlight any vulnerabilities or threats to your systems.

We will analyse the potential impact a cyber security incident could have on your control system. And our risk assessments will also help to identify options for risk treatment such as separate segregated environments for critical infrastructure, or increased security controls.

Incident response plans

After a risk assessment has been conducted, a tailored incident response plan suited to the control system's requirements can be developed with the guidance of our experienced cyber consultants.

An ICS incident response plan will typically include:

  • Identification of types of vulnerabilities and potential threats to the control systems and likely types of cyber attacks
  • Instructions and information detailing how to detect cyber incidents and their severity
  • Defined roles and responsibilities for key personnel in the event of a cyber incident
  • Determination of the appropriate response to a cyber incident to contain risk and restore ICS operations back to normal without removing forensic evidence
  • A communication response plan which details how an incident will be communicated to key stakeholders such as customers or press, and who will be responsible for the communication

Get in touch

Want to know more about our incident response solutions? Contact our team today.
