Incident Response Articles (8)

Common methods an adversary may adopt to cover their tracks

It is essential for attackers to understand how to hide their tracks, because they don’t want to leave any evidence that can be used to track them down. This can be a difficult process because we often have controls in place to detect and log events. For an attacker who wants to stay anonymous, erasing evidence is necessary. It begins with removing or corrupting logs and any error messages generated during the attack.

What will I do as an Incident Responder?

You just landed a new job as an Incident Responder. You have heard that Incident Response involves identifying the incident, containing the incident, recovering from the incident and preventing such an incident from happening again. Have you wondered what really happens in those stages? What might an Incident Responder actually do to ‘handle’ incidents? This blog post will walk you through the sequence of activities typically performed during incident handling.

What is Pre-Incident Preparation?

When paramedics get a call, they immediately swoop into action. They have medical equipment stored and ready to use in their ambulance. Upon reaching the person requiring help, they provide immediate medical care to keep the person comfortable, until they can be taken to a hospital for further treatment. The paramedics collect as much information as they can about the patient’s medical condition and provide it to the doctors. Initial care provided by paramedics is very critical to saving a person’s life. Likewise, Incident Responders are the paramedics of the technology world. Professionals performing incident response must be equipped and prepared to deal with incidents. This can be achieved by executing pre-incident preparation.

What is an Incident Response Toolkit?

Have you seen crime scene investigation (CSI) shows on TV? After a crime occurs, a professional walks in with a bulky case containing equipment to collect fingerprints, take photographs and plastic bags to safely collect evidence. The evidence collected helps provide clues to solve the crime. The professional is an Incident Responder and the bulky case is referred to as an Incident Response Toolkit (IRT). Having a ready IRT helps the Incident Responder collect evidence methodically. The same approach can be adopted in the cyber world too. This blog post discusses how you can prepare an Incident Response Toolkit to assist in handling cyber incidents.

What role does incident handling play when a cyber attack occurs?

Cyber incidents present a unique challenge for organisations. The rapid pace of change in the technology landscape means that organisations must be prepared to respond to attacks that may not have been seen before.

A short introduction to writing incident response playbooks

Incident response playbooks provide a repeatable process for investigating and responding to security incidents. They can help organizations improve their incident response capabilities by providing a framework for managing incidents, documenting best practices, and sharing information with other responders.

Why do we do incident response?

Incident response is a process that organizations use to manage and mitigate the damage of a security incident. The primary goal of incident response is to protect the organization’s assets and minimize the disruption caused by the incident. There is no single definition of an incident, but most experts agree that an incident is a security event that has the potential to cause harm to the organization. Incidents can include events such as a data breach, a ransomware attack, or a malicious email campaign. Incident response is a critical part of any organization’s security strategy.

Becoming an Incident Responder

Let us assume that a building has caught fire. Firefighters must act at a moment’s notice to extinguish the flames. A building catching fire is an unexpected event. Similar unexpected events occur in the cyber world that affect regular business operations. Any event out of the ordinary qualifies as an incident.