An incident response, sometimes referred to as an IR, is a set of security policies and procedures. These are in place to identify, contain, and eliminate cyber-attacks. The primary goal of an incident response is to halt such cyber-attacks, minimise potential damage and prevent an attack occurring in the future.
Our Incident Response Process
At Cambridge Support we have a multi-stage incident response process. This process exists to help get your systems back to normality if a breach occurred. We have an expert incident response team that responds to all incidents immediately. Our process includes:
Planning is key. Having an incident response plan will ensure both prevention and a response are established if an incident occurs. In our planning we make a list of IT assets such as servers, networks, and endpoints, plus identifying their importance. We also categorise which elements hold sensitive data. In addition, we also set up monitoring so that there is a baseline of normal activity. These aspects are crucial for a plan.
Our rapid response engineers will identify the source of the breach, regardless of where it originated. At this stage, information needs to be collected to learn more regarding the situation. The questions below are necessary to ask:
- When did the incident happen?
- How was it discovered?
- Who discovered it?
- What was the scope of the compromise?
- Are there any other areas affected?
- Are operations affected?
- Has the source point been discovered?
Once the security breach has been identified, our engineers will restore the affected systems and infrastructure. If needed, we will also restore and recover any stolen data and get your systems functioning again. This could be identifying all the affected hosts, removing malware, and resetting passwords for the breached accounts. Lastly, once the threat has been eliminated, the systems must be restored and recover normal operations as soon as possible. At the same time ensuring that the same assets are not targeted again.
A central part of the incident response process is preventing incidents from happening in the first place. It is also a matter of learning from previous incidents to improve the process. In addition to the questions listed within the detected stage, a few more questions should be asked. Such as:
- How well did the incident response engineers deal with the incident?
- What information was needed sooner?
- What could the employees do differently to prevent the incident occurring?
- Do the employees need training?
- Have lessons been learned?
- What additional tools or resources could have helped to prevent the incident?
How Cambridge Support Can Help
As an IT support provider, we understand risks. Such risks and incidents are not just technical problems, they are business problems. We know that incidents can cause operational infringement, financial loss and even reputational damage. Therefore, the sooner they can be mitigated, the less damage they will cause. If you have any security concerns, feel free to contact us on 01223 901 900 or email at email@example.com.