Time is critical when managing response to a Cyber security incident. CyBiz’s cross-functional teams and partners can assist organisations to manage the immediate response to a Cyber security Incident during the critical 24 to 72 hours and throughout the ongoing process of organisational recovery and improvement of Cyber resilience.
Your board and executive, legal, IT/security and communications teams all have important roles to play to minimise the short and long-term impact of a Cyber-attack.
Whether or not you need the Cyber Delta Force in your organisation’s Cyber security Incident Response, CyBiz is there to support your organisation to manage the uncertainty and pressure of a Cyber-attack.
During a Cyber security incident, CyBiz’s team assists with managing the incident response, through critical technical support, crisis management and legal support until the incident has been resolved and business operations and systems are functioning as usual. Many of the steps and services below occur in parallel.
Crisis management support
We work with your senior executive team to manage the detailed response, or act as a sounding board for crisis management support.
- Board liaison
- Internal communication
- External communications to stakeholders – customers, suppliers, investors
- ASX Continuous Disclosure Obligations
- Threat actor positioning and negotiations
- Operational decisions
Technical support
CyBiz utilises our technical affiliates who are experienced in sophisticated global incident response to leverage existing and/or deploy new forensic and other technology to understand and contain the threat
- Contain and secure your environment
- Investigate the Cyber-attack – Determining the source of breach, threat actor tactics techniques and procedures (TTPs) utilised, building a timeline of events
- Recovery – Protection and recovery of critical data and systems, backups, decryption
Legal and regulatory support
Whilst CyBiz can provide legal support, technical legal advice is provided through our affiliated law firm.
CyBiz can work with and support your internal legal team and external lawyers.
- Privacy Act obligations – cross jurisdictional where required
- Liaison with authorities and regulators
- Ransomware payment options and decisions
- Reports and advice can be prepared and issued under legal privilege
Post Cyber Security Incident Response Report
A Post Incident Response Report typically covers all aspects of People, Process and Technology, however the approach will be tailored to your organisation’s needs and the specific circumstances and nature of the Cybersecurity Incident.
Once a detailed timeline has been built and an initial understanding of the Cyber security Incident response obtained, we can advise on whether the Incident Response Report should cover all bases, or place greater focus on Governance, Risk management and Compliance or on Vulnerability Scanning and Penetration Testing.