What is Incident Response?
Incident Response (IR) is the systematic approach to managing a cyber security incident. Like firefighters to a burning building, we help identify the source of danger, the scope of damage, and strategise an approach to contain and exterminate the threat.
Often, an incident response strategy also includes aspects of crisis management, digital forensic investigation, and legal or public relations support (as needed). The ultimate goal of incident response is to limit damage and identify the root cause of the incident to better manage future risks. Effective incident response allows you to remediate a situation faster, protecting sensitive data, your company’s reputation, and revenue streams.
What is Digital Forensics?
Digital forensics is the process of uncovering and interpreting electronic data from digital devices. Data collected from these devices help identify and preserve evidentiary materials in an organisation’s digital infrastructure, and can be very important in an investigation relating to a cyber attack.
Digital forensics practices include:
- File System Forensics—whereby file systems within the endpoint are analyzed for signs of compromise
- Memory Forensics—whereby the computer memory is analyzed for attack indicators that may not appear within the file system
- Network Forensics—whereby network activity—including emailing, messaging and web browsing—is reviewed to identify an attack, understand the cyber criminal’s attack techniques and gauge the scope of the incident
- Log Analysis—whereby activity records or logs are reviewed and interpreted to identify suspicious activity or anomalous events
On top of this, analysis from the digital forensics team can help shape and strengthen preventative security measures, such as compromise assessments. This can enable the organisation to reduce overall risk, as well as speed up future response times. Digital forensics enables Blackpanda specialists to sift through the aftermath of an attack in order to better understand how the breach happened in the first place.
Ransomware Incident Response
Ransomware attacks have been on the rise, with the Asia Pacific region alone experiencing a 168% increase in ransomware incidents in 2021 compared to the previous year. Not only are ransomware attacks becoming more common, but they are targeting organisations across all sectors and sizes, from large multinationals to Small-Medium Enterprises (SMEs) and startups. In this article, we look at how your company can protect itself from ransomware and what to do in the event that you experience an attack.
Falling victim to ransomware can be a stressful and emotional time, and an experienced IR company such as Blackpanda provides invaluable help in containing the attack, eradicating the malware, and restoring business as usual, all whilst managing PR, negotiating with the attackers, and ensuring safety and legality throughout.
Incident Response Regulations
On January 18th, 2021, the Monetary Authority of Singapore (MAS) released its latest revision to The Notice on Technology Risk Management (TRM). Key to this update are the requirements to investigate and report certain cyber incidents to the MAS.
The TRM applies to financial institutions (FIs) in Singapore. FIs include (but are not limited to) all banks, licensed financial advisers, licensed insurers, registered insurance brokers, and recognized market operators incorporated in Singapore.
With Incident Response and Reporting now mandatory for compliance with MAS guidelines, Blackpanda produced an advisory covering reporting requirements and the capabilities needed to support an investigation.
How to Create an Incident Response Plan?
Much like fire drills, incident response is a business process that should be actively and regularly practised such that it becomes second nature even during high-pressure situations.
An incident response plan must be put in place to guide attack mitigation and recovery. This plan must follow the processes prescribed by the SANS Institute and NIST for a methodical and more organised approach. However, it must be noted that not all cybersecurity incidents are similar in nature and importance. While some may require rigorous investigation due to the complexity of the attack and the size of the damage, others might simply be login failures or isolated cases.
That said, your company must keep a list of possible event and incident types with specifics on when each event needs a thorough investigation. You will then have to modify your incident response processes accordingly. Follow this guide to understand the key steps to building an effective incident response plan.
How Do You Build an Effective Incident Response Team?
Handling cyber security incidents can be stressful, especially with uncertainty regarding cause, remediation, and the extent of the impact. However, firms are often required to respond to an attack immediately with whatever information is available, or they run the risk of greater loss. This stress intensifies when firms do not know what to do or whom to call, leaving them seemingly helpless and more susceptible to loss.
To better prepare for cyber emergencies, firms should invest in a team of incident responders who are equipped with technical skills to act quickly and reliably. The incident response team is responsible for mitigating the effects of an incident in a timely and organized manner, including analyzing the intrusion, containing the impact, investigating the root cause, and remediating the issue.
Is Incident Response a Good Career Option?
Cyber security companies report that skilled talent is hard to find, and offer good pay and learning opportunities to those who have the relevant competencies and predisposition to grow into these roles.
Working in cyber security exposes you to a fast-paced and rapidly developing environment. As the cyber threat landscape is constantly evolving, staying up to date on the latest cyber threats and malicious actors is crucial to success, with new roles being born as cyber threats and cyber regulations develop. In Asia, a Cyber Security Analyst can expect a salary between USD$22,000 and USD$77,000 a year.
Blackpanda is Asia's premier firm specialising in Digital Forensics and Incident Response.