No two incidents are the same, but there is some commonality in the types of support our clients ask for. These are the activities we are best practiced at:

Cyber Incident Management – Reducing the impact of an incident through efficient, coordinated, and structured management including activity prioritisation, work stream design, project management, resolver team management, and senior stakeholder liaison and communication.

Log File Analysis – Investigation of logs from existing sources to detect anomalous activity and identify indicators of compromise and adversary behavioursEndpoint Forensics – Collection, preservation, and analysis of information or evidence gathered from applications, memory, and files on endpoints

Network Forensics – Analysis of network traffic to identify anomalous activity and indicators of compromise or active adversaries

Malware Analysis – Analysis of executables, scripts, or known malicious software to understand their purpose and identify malicious activity through dynamic and static reverse engineering

Threat Hunting - Proactively search to detect and isolate existing threats which may have evaded security defences, in contrast with the traditional reactive threat management approach which typically involves an investigation after potential incidents have set off alarms

Our Cyber Incident Response team can help you investigate, respond to, and recover from a wide range of potential incidents, often varying in size, complexity, and geographic location. Some of the most common incidents we are asked to assist with include:

Phishing and Business Email Compromise (BEC) – An incident in which cyber criminals target employees’ email accounts to obtain sensitive information such as credentials and financial information. Business Email Compromise (BEC) is a particular form of phishing in which cyber criminals attempt to defraud an organization e.g. wire / invoice fraud)

Ransomware – An incident in which cyber criminals deploy sophisticated malware to encrypt or “lock” IT systems (servers, workstations, mobile devices, etc.), until a ransom is paid. Increasingly, cyber criminals also steal large quantities of data from a target network to increase their leverage against the organization (known as double extortion).

Improper Usage - An incident resulting from violation of an organisation’s acceptable usage policies by an authorised user. This could be accidental or on purpose but should be reviewed to ensure suitable action is taken.

Web Application Attacks – An incident impacting a web application or service, such as a public-facing company website, e-commerce / digital store website, business-to-business web application, or application programming interface (API).

Advanced Attacks - Targeted attacks from an individual or other credible organisation often with the intention to steal corporate data. These attacks can use any form of delivery mechanism but are hard to detect and even harder to effectively remediate.

Data Breach – Any incident which results in unauthorised access to or disclosure of sensitive data (including personal, health, financial information, etc.). Depending on the organisation and the incident, organisations may have obligations to notify regulators, governments, and individuals of such data breaches.

Our clients regularly need a range of specialist services during incidents. Our practice operates a global network of cyber incident responders and provides access to multiple specialist services when you need them most, including:

Digital Forensics – Our digital forensics team acquires, preserves, and analyses all types of digital forensic evidence.

Cyber Intelligence Centre (CIC) - Our global network of CICs provide fully customisable, 24/7/365, managed security solutions, tightly integrated with our incident response and other cyber advisory services, so you don’t have to face the challenge on your own.

Cyber Threat Intelligence (CTI) – Our CTI service provides a search capability across the internet (surface, deep, and dark web) and social media to look for compromised data or identify malicious activity and indicators of compromise relating to cyber incidents.

Data Breach / Privacy Support - Our data privacy specialists can help to minimise the impact associated with a data breach including assessing nature of impacted data and navigating data breach notification requirements

Crisis Management and Communications – Our crisis and communications professionals are trained to support internal teams and board-level executives with all decision making.

Business Continuity – Our Business Continuity subject matter professionals assist organisations in returning to ‘business as usual’ as swiftly as possible after an incident.

Technology Recovery – Our Technology Recovery subject matter professionals can support you in enacting your contingency plans and returning technical operations and systems to a normal state after a cyber attack, or other disruption.

Penetration Testing – Our team of specialist penetration testers offers a broad range of capabilities, including network and web application penetration testing, and red and purple teaming.

Cyber Strategy and Transformation – Uplifting your overall cyber security program. Our Cyber Strategy services balance the requirements to be secure, vigilant, and resilient with strategic objectives and the risk appetite of your organisation.

Prevention is better than cure, and our Cyber Incident Response Advisory services enable you to prepare your incident response capabilities by aligning your people, processes, and technology strategies to proven methodologies. Led and delivered by our Cyber Incident Responders and incorporating lessons learnt from the most recent live incidents, our services include:

Policies, Procedures, and Playbooks – Designing, developing, and embedding tailored incident response policies, plans, and playbooks.

Incident Readiness Assessments – Reviewing your current Cyber Incident Response capabilities (e.g. ransomware readiness assessments)

Cyber Wargaming and Exercises – Exercising and rehearsing your end-to-end organisational response to a cyber incident through workshops, desktops, and technical or non-technical simulations.

Compromise Assessments and Threat Hunting – Identifying and resolving indicators of existing network compromise or threats, and resolving events before they become incidents.

CIR Transformation Program – Uplifting your Cyber Incident Response (CIR) capability (incorporating people, processes, and technology).