A cyber incident response (CIR) refers to a series of processes an organisation takes to address an attack on its IT systems, requiring proper planning, procedures, training, and support by everyone in the organisation. It’s becoming increasingly difficult to prevent information security incidents. But, while it may not always be possible to halt an attack before it penetrates your security perimeter, it’s absolutely within our power to limit the resultant damage and to prevent the attack from spreading. Most organisations need professional help in responding to a cyber security incident in a fast, effective manner.
Regulations such as GDPR and NIS require organisations to respond within 72 hours or face significant fines. However, the full weight of Makarov’s expertise can quickly be brought to bear on the resolution of your security incident.
NCSC Cyber Security Incident Definition
The National Cyber Security Centre defines a cyber security incident as:
- A breach of a system’s security policy in order to affect its integrity or availability
- The unauthorised access or attempted access to a system
Unlike a breach, a cyber security incident doesn’t necessarily mean information is compromised; it only means that information is threatened. An organisation that successfully repels a cyber attack has experienced an incident, but not a breach. Cyber incidents can take many forms, such as denial of service, malware, ransomware or phishing attacks, system misconfiguration and SQL injection.
What is Cyber Incident Response?
The activities which take place during and immediately after an incident are the cyber incident response. These include:
- determining the extent of an incident against an organisation’s systems
- managing its immediate impact
- providing advice and assistance to rectify the compromise of that system
- working to increase security across the network
Cyber incident response also covers producing a report which describes the scope of the problem, its technical impact, its impact on the organisation and, if affected, its partners. It also covers any mitigation activities and makes recommendations for further action. Our cyber incident response service will cover the entire incident investigation cycle to completely eliminate the threat to your organisation. The only viable way to make sure breach notifications are transparent is to have a CIRM (cyber incident response management) system.
Who Is The Cyber Incident Response Service Suitable For?
The Makarov Cyber Incident Response Management (CIRM) service is suitable if your organisation has been the victim of a significant cyber attack. Our service conducts all the necessary cyber incident response activities in relation to the attack to help your organisation recover. You may also wish to engage our service before any cyber security incident has taken place as part of your business continuity planning. Makarov cybersecurity experts align risk intelligence with response plan initiatives so that they’re in constant communication, providing the most up-to-date information needed in order to protect the organisation from a threat or breach.
More and more, cyber insurance providers now expect their clients to demonstrate an adequate level of preparedness before making a claim. Bringing in an incident response provider in the middle of an incident without having a retainer in place can significantly delay response due to the time needed for onboarding. It is also worth noting that response efforts often fail due to a lack of expertise and a poor approach to incident response planning. Our CIRM service will help you identify and address threats promptly, ensuring that you know when and how a breach took place, and what needs to be done to reduce the damage.
CIRM also helps organisations comply with the GDPR (General Data Protection Regulation) and the NIS Regulations (Network and Information Systems Regulations 2018). Both require organisations to disclose high-risk breaches to their relevant supervisory authority within 72 hours of discovery. The notification should include as much detail as possible about the nature and scope of the breach. It should also detail the steps the organisation has taken (or plans to take) to respond to the incident.
Additionally, Article 32 of the GDPR states that organisations must take “necessary technical and organisational measures” to ensure a high level of information security. This includes the need to implement an effective incident response plan to contain any damage in the event of a data breach and to prevent future incidents from occurring.
It is our goal to ensure companies generate relevant risk intelligence and that a proper incident response strategy is in place. In the event of a cyber attack, an organisation will be prepared against the latest threats, having the best defences enabled.