Incident Response Services

Nearly every organisation is compromised at least once, and thousands of organisations are compromised without realising it, because they don’t know what they don’t know.

Unless your cyber infrastructure is relatively advanced and managed by experienced cyber security staff, it is likely that you do not have the full picture.

KHIPU provides incident response services for two main customer types:

  • Customer X – isn’t sure whether they are compromised and wants to know.
  • Customer Y – is aware of an incident and wants to know its impact and the remediation steps.

There is always a third customer type who will claim they have never had any incidents; the experts at KHIPU find this very unlikely. From our experience across a wide range of customer types, the appetite for risk is normally higher than they would admit to.


Khipu Cyber Incident Response

Our cyber engineers combine their expertise with industry-leading threat intelligence and network and endpoint technology to help you with a wide range of activities — from technical response to crisis management. Whether you have 100 or 100,000 endpoints, our consultants can be up and running in a matter of hours, analysing your networks for malicious activity.

What we will do

Assessing the situation

Each investigation begins by gaining an understanding of the current situation. How was the issue detected? What data has been collected? What steps have been taken? What does the environment look like?

Verifying client objectives

The next step is to define objectives that are practical and achievable. The goal may be to identify data loss, recover from the event, determine the attack vector, identify the attacker or some combination of those objectives.

Collecting evidence

KHIPU Incident Responders collect information with forensically sound procedures and document evidence handling with chain-of-custody procedures that are consistent with law enforcement standards.

Performing analysis

Based on the evidence that is available and the client’s objectives, KHIPU draws on skills that range from forensic imaging to malware and log analysis in order to determine the attack vector, establish a timeline of activity and identify the extent of the compromise.

Providing management direction

During each investigation, KHIPU works closely with client management to provide detailed, structured and frequent status reports that communicate findings and equip its clients to make the right business decisions.

Developing remediation plans

Remediation plans vary depending on the extent of the compromise, the size of the organisation and the tactics/objectives of the attacker. As part of an investigation, KHIPU delivers a comprehensive remediation plan and assists with the implementation.

Developing investigative reporting

KHIPU provides a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences including senior management, technical staff, third party regulators, insurers and litigators.

First build your own plan

The plan should, at a minimum, be reviewed annually by an external cyber security company or consultants; KHIPU, for instance, can help you with this.

  1. Assign a C-Level executive to take on responsibility for the plan and for integrating incident-response efforts across business units and geographies.
  2. Develop a systematic chart of risks, threats and potential failure points, each with an appropriate response and a rating of how it could impact your organisation. Refresh them regularly based on changes in the threat environment.
  3. Develop easily accessible quick-response guides for likely scenarios and hold your staff accountable for knowing what to do in the event of an incident.
  4. Establish processes for making major decisions, such as when to isolate compromised areas of your network. (This may involve taking certain systems offline, so you have to weigh the risk costs against the downtime costs.)
  5. Maintain relationships with key external stakeholders, such as law enforcement and the Information Commissioner in the event of data loss.
  6. Maintain service-level agreements and relationships with external breach-remediation providers and experts, such as KHIPU.
  7. Ensure that all staff members understand their roles and responsibilities in the event of a cyber incident.
  8. Identify the individuals who are critical to incident response and ensure redundancy.
  9. Train, practice, and run simulated breaches to develop response “muscle memory.” The best-prepared organisations routinely stress-test their plans, increasing employee awareness and fine-tuning their response.