Incident Response

The SpearTip Difference – Our Incident Response Methodology

WHEN YOU’VE BEEN BREACHED, OUR CYBER HUNT TEAM WILL:

  • Identify security gaps

  • Investigate possible threats

  • Search for unknown malware

ONCE WE HAVE DIAGNOSED THE BREACH, OUR TEAM WILL:

  • Isolate the threat

  • Retrieve and reverse-engineer the malware in your network

  • Identify and quarantine compromised systems

ARE YOU PREPARED TO RESPOND? FIND OUT, WITH SPEARTIP’S BREACH ASSESSMENT

Adversary Cyber Hunt > Redefining Incident Response

Find out how long they’ve been inside your network and stop the clock TODAY.

EXPERIENCING A BREACH OF YOUR INTERNAL SYSTEMS?

CONTACT SPEARTIP TODAY.

Incident Response Checklist

While this checklist is far from all-inclusive, it’s meant as an idea starter for your company and your cyber security team. Below are a few critical measures to consider, should you discover or seriously suspect a breach.

The natural reaction to a breach is to immediately power down the infected device or system. Cutting the power could mean disaster. Some forms of malware are designed to destroy data and self-destruct in the event of a shutdown. Rather than powering down, remove the network cable.

Call SpearTip immediately. Sure, this sounds self-serving, but enlisting a third party is the smartest move you can make. We will efficiently and effectively mitigate the breach. Plus, bringing in outside experts gives you added credibility in the event of legal action.

Prepare for the worst, which means legal action. Keep a detailed list of everyone who comes in contact with the breached computer or system and what they do. You need to demonstrate that you handled the breach appropriately in the eyes of the law.

Once we have identified the breach and quarantined the system or machine, you will want to keep everything away from the problem until the problem is fully mitigated. One false move could cause the breach to spread.

Make a list of all current and former employees who could have accessed the system. Also include all vendors and outside parties with access. Sadly, many of the worst breaches are “inside jobs.”

Most states now have laws that mandate time periods for informing necessary parties about the breach. Know the laws and know when to bring in the lawyers.

Never try to handle damage control on your own. PR professionals can help you with talking points and media relations if you get to that point. One poorly stated phrase could cost your organization thousands or even millions of dollars. Watch every word you say.

You’ve been breached and you’re focusing on your organization, but you also need to be in damage control mode. Show empathy to clients and parties with compromised data. Explain what you’re doing to protect everyone affected and how you’re working to remedy the breach.