Incident Response (IR)

Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. P1 (Priority One) Cyber can help you when your having an Incident, we specialise in providing expert support all types of attacks. Types of security incidents There are various types of security incidents and ways to classify them. What may be considered an incident for one organization might not be as critical for another. The following are a few examples of common incidents that can have a negative impact:
  • A distributed denial of service (DDoS) attack against critical cloud services.
  • A malware or ransomware infection that has encrypted critical business files across the corporate network.
  • A successful phishing attempt that has led to the exposure of personally identifiable information (PII) of customers.
  • An unencrypted laptop known to have sensitive customer records that has gone missing.
We recommend all organisations have an Incident Response Plan, P1 (Priority One) Cyber can help you create an Incident Response Plan: The Six key phases of an incident response plan:
  1. Preparation. Preparing users and IT staff to handle potential incidents, should they arise.
  2. Identification. Determining whether an event qualifies as a security incident.
  3. Containment. Limiting the damage of the incident and isolating affected systems to prevent further damage.
  4. Eradication. Finding the root cause of the incident and removing affected systems from the production environment.
  5. Recovery. Ensuring no threat remains and permitting affected systems back into the production environment.
  6. Lessons learned. Completing incident documentation, performing analysis to learn from the incident and potentially improving future response efforts. P1 (Priority One) specialise in providing support during Ransomware Attacks:
What is a Ransomware Attack? A type of malicious software designed to encrypt or block access to a computer system or files until a sum of money is paid. What's the price tag? 209M Amount ransomware victims paid out in Q1 2016 (SRC. FBI). Bitcoin is the #1 payment medium in ransomware attacks, namely because of the anonymity and difficulty to trace transactions. 70% Enterprise ransomware victims paid up. 25% Paid between $20,000 USD and $40,000 USD. Who are the targets? Individuals, business, hospitals, schools, government agencies. What Attack Vectors do threat actors use? Email or websites; sometimes directly to the system via backdoors. What Systems are affected? Notoriously Windows, but recently broadened to Linux, OS X, and even Android devices. What happens to the system? Files or systems are locked. Files or systems are encrypted. The victim has an average of 72 hours to pay the ransom. Or... files are deleted.