DFIR Fundamentals

Everything You Need to Know About Incident Response

Incident Response Teams, Careers, Regulations, Planning, and Phases of Response.

What is Incident Response?

Incident Response (IR) is the systematic approach to managing a cyber security incident. Like firefighters arriving at a burning building, incident responders identify the source of danger and the scope of damage, then devise an approach to contain and eliminate the threat. An incident response strategy often also includes crisis management, digital forensic investigation, and legal or public relations support as needed. The ultimate goal of incident response is to limit damage and identify the root cause of the incident so that future risk can be managed better. Effective incident response lets you remediate a situation faster, protecting sensitive data, your company's reputation, and revenue streams.

Ransomware Incident Response

Ransomware attacks have been on the rise, with the Asia Pacific region alone experiencing a 168% increase in ransomware incidents in 2021 compared to the previous year. Not only are ransomware attacks becoming more common, but they are targeting organizations across all sectors and sizes, from large multinationals to Small and Medium Enterprises (SMEs) and startups.

In this article, we look at how your company can protect itself from ransomware and what to do in the event that you experience an attack.

Falling victim to ransomware can be a stressful and emotional time, and an experienced IR company such as Blackpanda provides invaluable help in containing the attack, eradicating the malware, and restoring business as usual, all whilst managing PR, negotiating with the attackers, and ensuring safety and legality throughout.

Incident Response Regulations

On January 18th, 2021, the Monetary Authority of Singapore (MAS) released its latest revision to The Notice on Technology Risk Management (TRM). Key to this update are the requirements to investigate and report certain cyber incidents to the MAS.

The TRM applies to financial institutions (FIs) in Singapore. FIs include (but are not limited to) all banks, licensed financial advisers, licensed insurers, registered insurance brokers, and recognized market operators incorporated in Singapore.

With Incident Response and Reporting now mandatory for compliance with MAS guidelines, Blackpanda produced an advisory covering reporting requirements and the capabilities needed to support an investigation.

"A well-designed incident response plan lays out the procedures and protocols to be taken, as well as contingencies across a range of attack types"

How to Create an Incident Response Plan?

Much like fire drills, incident response is a business process that should be actively and regularly practiced so that it becomes second nature even in high-pressure situations.

An incident response plan must be in place to guide attack mitigation and recovery. The plan should follow the processes prescribed by the SANS Institute and NIST for a methodical and more organized approach.

However, it must be noted that not all cybersecurity incidents are similar in nature and importance. While some may require rigid investigations due to the complexity of the attack and the size of the damage, others might simply be login failures or isolated cases.

To that end, your company should keep a list of possible event and incident types, with specific criteria for when each one warrants a thorough investigation, and tailor its incident response processes accordingly.

Follow this guide to understand the key steps to building an effective incident response plan.

How Do You Build an Effective Incident Response Team?

Handling cyber security incidents can be stressful, especially with uncertainty regarding cause, remediation, and the extent of the impact. However, firms are often required to respond to an attack immediately with whatever information is available, or they run the risk of greater loss. This stress intensifies when firms do not know what to do or whom to call, leaving them seemingly helpless and more susceptible to loss.

To better prepare for cyber emergencies, firms should invest in a team of incident responders who are equipped with technical skills to act quickly and reliably. The incident response team is responsible for mitigating the effects of an incident in a timely and organized manner, including analyzing the intrusion, containing the impact, investigating the root cause, and remediating the issue.

Is Incident Response a Good Career Option?

Cyber security companies report that skilled talent is hard to find, and offer good pay and learning opportunities to those who have the relevant competencies and predisposition to grow into these roles.

Working in cyber security exposes you to a fast-paced and rapidly developing environment. Because the threat landscape is constantly evolving, staying up to date on the latest cyber threats and malicious actors is crucial to success, and new roles continue to emerge as threats and cyber regulations develop.

In Asia, a Cyber Security Analyst can expect a salary between USD $22,000 and USD $77,000 a year.
