In the land of incident response (IR), one of the key things for any business that has an issue, beyond identifying the issue, is the speed at which you can react. A recent study by the International Business Machines Corporation (IBM) found that the average time to detect, react to and contain a data breach is 280 days. This shows that companies still have a long way to go to improve both their incident response and their cyber security.
The primary benefit of having an IR service is that you have someone to call who knows what they’re doing and can start helping you resolve your issue there and then.
Let’s imagine you run a business and you have been hacked, or your network has been infiltrated with ransomware. If you’re an SME-size business, you might be fortunate and have an incident response team of around three to four people, but chances are they’re not specialists. In today’s society very few companies have the capacity, resources or financial backing for an in-house security team that can sit around and effectively wait for things to go wrong. Even with the best IT team in the world you may have a plan and you may have a process, but until you actually have to act on a cyber-attack it’s going to be a hair-on-fire type situation. You may well be panicking about what you’re going to do and how you’re going to do it… and quite frankly you don’t have the time to do so.
This is where IntaForensics’ retained services come in. We are the extension to your team. You may have your in-house expertise, but if you have a cyber incident, we have the instant capability and the right skillset to help you respond and recover quickly. As a retained services customer, not only will you receive a first-class technical response capability, but you will also receive other benefits depending on the tier of service you choose.
With our retained services plan, you will receive either a review or bespoke creation of an Incident Response Plan tailored to your organisation, depending on what you currently have in place. When it comes to incident response, it’s a case of fail to prepare, prepare to fail. Because we act as an extension of your team, one of the key things we do is to really understand the customer from a business perspective.
We will go through an onboarding process with you, spending time with your organisation to find out about your business, how you work, how you’re wired up, what you have, what you don’t have etc. to get a good understanding of how you work as an organisation. This is particularly important when it comes to the technological aspect of your business because the key for an effective response is centred around us at IntaForensics knowing what procedures and equipment you have to work with. We capture all this up front from the very beginning, so as not to waste time doing so when something goes wrong.
If you were a walk-in customer on the other hand, we would spend a bit of time asking the questions above. By this point we’re already losing time in terms of helping you with a response, as we have to ask all of those exploratory questions first. By the time we get round to the fundamentals you’re already 24-48 hours into the incident. In the current climate, who knows what could’ve gone on in that time. Perhaps all your data has been sold, or perhaps you’ve already been successfully ransomwared by that point.
The onboarding process shortcuts all of that. As soon as you sign and get the retainer, we complete the onboarding and get all those questions out of the way. If you then do have an incident that you need our help with, we know enough about the company to be able to act right away and contain or remediate the issue.
From your perspective as the customer, there are commercial advantages to becoming a retained customer as well. You will receive a reduced day rate when you call upon us for incident response. Walk-in customers, however, do not benefit from the discounted rate.
In addition, the entire deployment process is much quicker for a retained customer. This would be incredibly beneficial for you, as you would have someone working for you straight away. Chances are senior managers will be breathing down your neck because the business can’t run, you can’t restore your systems, and the longer it takes for them to restore normal business operations the bigger the financial ramifications. Keeping that window as short as possible is one of our main priorities.
We also offer many other benefits, including proactive services. We review your company’s policies and processes to make sure you’re as cyber secure as possible. If you’re a customer that’s reasonably mature from a security perspective, we will take some time to review the policies and procedures that you currently have in place. If you don’t have any of these then we can create them for you as part of the retainer, which is essentially a free add-on.
We also offer incident response training as part of tiers three and four. Essentially, we can help you help yourselves. We’ll spend time with your team going through some incident response training. The training can be technical or it can be board-level, which would involve us talking to your executive board or C-Level colleagues about cyber risks, incident preparedness and so forth. We can also conduct hands-on technical training, if appropriate.
Another key feature of our retained service package is vulnerability scanning. This is testing we carry out against your infrastructure or internet-facing systems. The scan identifies whether there’s something that you’re presenting to the outside world that a hacker could potentially target. It looks for things such as outdated services and components that haven’t been updated, for instance outdated web servers, websites and out-of-support software that hackers could potentially break into. Vulnerability scanning is the service that looks for the obvious targets, which is essentially the work that hackers would do. Identifying these issues before they are exploited gives you the ability to fix them before they become a problem.
The core of our retained service is that response capability. Recently we have received requests from customers who have called upon us for a second opinion. In the fallout of the Kaseya ransomware attack, for example, we were contacted by a large company, a customer of ours, that utilises this software in their stores. When the hack came out, criminals had broken into Kaseya and deployed the ransomware, encrypting all their customers’ data. Luckily for our customer, the particular version of the software they were using wasn’t affected. However, they did utilise our out-of-hours hotline service, to check they had acted appropriately in response to the Kaseya breach to minimise the risk of an incident.
The worst-case scenario for not having retained services is if you have an incident that’s fast moving, and unfortunately most of them are. It’s the lead time that you need. The more time that you waste wondering what to do, Googling or trying to find a company to help you, the more time attackers are spending hacking away at your system… they’re only going to make more progress if there’s no one there to stop them, slow them down, or even just to confirm what they’re doing. Who knows where your data, or your customer’s data, is going.
Additionally, the introduction of regulations such as the General Data Protection Regulation (GDPR) means that companies also have reporting deadlines to adhere to. As soon as you report to the Information Commissioner’s Office (ICO) notifying them that you have an incident, the clock starts ticking from that point, even if you don’t know all the details yet. If in a few days/weeks/months the ICO decides to investigate your company in a bit more detail, you need to be able to demonstrate to them that you were doing things properly and taking the right kind of steps. The worst-case scenario here is that they may decide to penalise you because you didn’t take the correct preventative measures or look at sourcing your incident response out properly to a company like IntaForensics.
Worse still, your data could be taken by hackers and sold on the internet. You’ll have lost your customers’ private and secure details, putting your reputation in tatters. In addition to this, the financial implications are likely to be colossal. According to the Ponemon Institute’s Cost of a Data Breach Report 2020, organisations spend around £2.9 million recovering from security incidents.
Cybercrime is a real cost for organisations, and getting these issues fixed without any proper planning, procedures, or backups in place can have huge financial implications, depending upon the parameters of the business. This makes our retained service offering perfect for companies that are looking to improve their security posture.
Hacks are becoming increasingly popular and are having real-world effects. Even schools are falling victim to data breaches of this kind, with two schools in Tunbridge Wells having to close recently after hackers broke into their servers. Across the pond, the Colonial Pipeline hack in the U.S. was one of the most significant attacks in national infrastructure history.
These sorts of attacks are becoming ever more prevalent in the current climate. There are likely to be changes afoot in government, to strongly encourage companies to take cybercrime more seriously… and it would be best to get yourself ahead of the curve and get some incident response procedures mapped out through IntaForensics’ retained services.
IntaForensics provides a comprehensive range of cyber security services designed to prevent, monitor, and respond to security breaches.
We boast a team of 50 cyber security and digital forensic experts and a growing market presence. Our consultants will be able to assist with all digital forensic investigations, PCI/DSS QSA, PCI/DSS PFI, Cyber Security and Incident Response.
Quality underpins everything we do, and we are proud to be UKAS 17025:2017 accredited and ISO/IEC 27001:2013, ISO 9001:2015 and ISO 14001:2015 certified.
To find out more about our services, call 02477 717 780 to speak with a member of our team or fill in our online contact form.