Incident Report

The threat of cybercrime is the new reality for enterprises worldwide. It is not a matter of if you will be targeted; it is a matter of when. Unfortunately, most organizations are not proactive in their approach to information security until they have been breached. Emrads Inc. has practical experience addressing and managing the most complex security breaches. Through timely and strategic response to security incidents, Emrads Inc. reduces recovery time, costs and damages.


If you have in place a well-thought-out cyber security incident response plan (IRP), you will know how to act swiftly and in the best ways possible to protect your network, operations and reputation. Whether you want to validate an existing IRP or are developing your first plan, Emrads experts can help.


Matchless Insight Built into Every Incident Response Plan

As incident responders who every year work globally on thousands of cyber matters, we know the risk landscape well. We also have witnessed the value of organizations being prepared. In helping clients develop or validate an IRP, Emrads experts follow a methodology that integrates our front-line experience investigating persistent and emerging threats with guidance from leading security standards, such as the NIST Cybersecurity Framework and CIS Controls™ along with unique considerations based on your environment.


Some of the areas we will help you cover in building your plan include the following:

  • Assembling your incident response team (IRT).
    Subject matter experts and key resources enterprise-wide should be involved in the response to ensure coverage of specific incident-related issues.
  • Assigning IRT responsibilities.
    The role of everyone on the IRT should be outlined and each team member’s responsibilities clearly defined.
  • Outlining technical protocols.
    It is human nature for technical teams to want to try and fix something before having to escalate the problem. Unfortunately, this often leads to a loss of critical evidence that has hurt many organizations. We can advise on the steps for IT and security teams to follow upon detecting an issue, including escalation points.
  • Determining authority to call an incident.
    Your IRP should also cover protocols related to notifying senior leadership, external partners such as outside counsel or your insurance carrier, and regional or industry-specific regulators.
  • Establishing communications procedures and responsibilities.
    In a crisis, the ability to communicate cannot be taken for granted. We will help you examine and decide how the IRT will communicate securely if corporate email becomes unsafe to use or not accessible due to ransomware. Also, we will help you determine who will communicate with external parties, such as outside counsel, your insurance carrier, law enforcement, the media and regulators.
  • Gathering and documenting pertinent information.
    Our experts will help ensure you compile information that will be critical to have in the event of an incident. This includes technical diagrams/schematics as well as comprehensive contact information for key resources such as:
    • IRT members and their alternates (backups)
    • Essential internal stakeholders (e.g., executives and legal counsel)
    • Vendors or providers of specialty services, e.g., investigations, forensics and remediation; breach notification; crisis communications; and cyber insurance
  • Determining a review and testing schedule.
    IRPs cannot be a create-and-forget exercise. Based on the complexity of your organization, we will help you determine measures for updating the plan organically (e.g., when members leave the company or change roles) and provide for a regular testing schedule (e.g., quarterly or annually).

Emrads' field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program. You know your organization has a cyber incident response plan (IRP). That's great. But could that knowledge be giving you a false sense of security? In Emrads' experience working on thousands of cyber matters, we have seen crises intensify or escalate when organizations discover their IRPs are outdated or when key team members are not prepared to act according to plan.


Practicing your IRP on a regular basis is key for validating or restoring confidence in your IRP. Emrads Inc. can help with customized incident response tabletop exercises (TTX) led by our seasoned experts. Participating in an Emrads TTX gives the members of your incident response team a valuable opportunity to clarify and rehearse their roles. Ultimately, they will have greater confidence to carry out their assigned duties in the event of an incident. Additionally, a TTX will highlight where gaps exist and where guidance or information (e.g., contact information) needs to be updated.


Seven Steps to Greater Confidence in Responding to a Cyber Incident

Emrads Inc. follows a seven-step process refined through our leading hundreds of tabletop exercises for client organizations of various sizes, complexity and industry sectors.

  • Kick Off the Process With Clear Communications
    Emrads cyber experts will hold a call with all participants to provide an overview of the TTX methodology, what to expect during the interviews and a timeline for each step.
  • Interview Key Stakeholders
    Our cyber experts will conduct onsite or remote meetings to identify each stakeholder’s duties and experiences with incident response. We will also focus on your overall cyber security concerns. These can include specific factors or vulnerabilities that you perceive within your organization, developments within your industry or another public incident.
  • Review Current Incident Response Plan and Other Documents
    Our in-depth review of your current incident response plan will focus on identifying gaps that will hamper or decrease the effectiveness of your response.
  • Develop an Incident Response Plan
    If your organization does not already have a plan, we will develop a unique incident response plan for your organization designed to help you effectively mitigate damage from a cyberattack. We will provide this plan to you and your management approximately one week prior to the TTX.
  • Create Custom Tabletop Scenarios
    We design these scenarios to encourage communication among all stakeholders. In this way, not only will everyone understand his or her responsibilities and how to respond, but it will also allow any gaps in your incident response plan to be surfaced, identified and resolved.
  • Facilitate the TTX
    In this discussion-based event, our cyber investigators will present four to six incident response tabletop scenarios customized for your organization in order to test the complete response plan. This exercise will give those involved an opportunity to experience an incident response in a stress-free, open environment.
  • Deliver Report
    We will review and provide the results and lessons learned from the exercise and deliver a final report that summarizes our discussions and recommendations.
Know How You Will Respond to a Cyber Incident Before One Strikes?

Take advantage of Emrads' unrivaled cyber incident response experience to better prepare to respond to a cyber incident. To schedule a customized tabletop exercise for your team, contact an Emrads expert today.


    INCIDENT COMMANDER

    Your first point of contact to understand the scale and scope of the incident. In contact with you and the incident controller daily to understand status and support the overall team.


    INCIDENT CONTROLLER

    Onsite resource responsible for tracking activities and providing daily reporting on the progress of the incident handling.


    INCIDENT HANDLER

    The resources working on the incident itself. Specifically selected based on their skill and experience. The skills include incident detection/analysis, incident control/handling, containment, eradication/recovery, and forensic investigation/root cause analysis.


    EXAMPLES OF THE INCIDENT RESPONSE SECURITY SUPPORT OFFERED INCLUDE:
    • Managed and monitored the customer’s incident bridge
    • Isolated the network from external threats
    • Disrupted communication channels used by threat actors
    • Architected security strategy involving Firewalls, IPS, SIEM, Anti-Virus, and APT appliances
    • Deployed all of the security technologies for remediation response
    • Developed custom reporting to highlight indicators of compromise
    • Provided technical consulting across multiple levels of the organization
    • Co-ordinated service restoration to key business functions
    • Guided the business on security incident response and remediation strategies