Experiencing a Cyber Incident? Immediate Considerations
- Preserve systems by disconnecting them from the internet and preserve data by isolating your backups.
- If you have cyber insurance, contact your broker or carrier. Contact NetDiligence
- Call your external counsel or ask us to recommend one who specializes in breach response.
- Alert IT resources and critical technology service providers.
- Plan for resource rotations – most large incidents last several weeks.
Surefire Cyber’s Incident Response Framework
Immediate Availability 24/7
A. Alert
We are always here to help you understand the situation, evaluate your options, and work with your lawyer and insurer to structure the right response.
B. Advise
Our on-call response engineers will provide immediate guidance to help you contain an incident—right away and without delay.
C. Structure
We will quickly provide an engagement letter to clearly explain our approach, what services you get, and our fees.
Containment, Monitoring, and Control
D. Deploy Tools
We will leverage your security tools if you have them or provide our response tools if you need them. Our approach is to bring the right toolset to address your unique situation.
E. Monitor and Detect
We will monitor your endpoints for malicious activity and respond with the appropriate action throughout the engagement to ensure you are restoring operations to a secure state.
F. Cyber Intel
We will provide context and insights related to the threat actor by monitoring the dark web and leveraging our cyber threat intel sources.
Forensic Analysis
G. Investigate
We will analyze what happened: how did the threat actor get into your network, what did they do when they were in, and what data did they access or steal?
H. Report
Upon request, we will produce a forensic report detailing the threat actor activity timeline and material findings of the forensic analysis.
Recovery
I. Negotiate
We will develop a negotiation strategy with you and manage threat actor communications and messaging.
J. Facilitate Payment
Should you decide to make a ransom payment, we will work with you, your legal team, and your cyber insurer to help you make the payment for decryption keys.
K. Restore Data
We will help you restore your data from backups or decrypt it.
L. Restoration
We will help you reduce business interruption by providing technical experts to help you swiftly and securely restore your environment.
Remediate and Fortify
M. Data Mining/eDiscovery
We will examine what data may have been accessed to help your legal team make determinations about notification obligations.
N. Notify
If required, we will partner to facilitate notification of stakeholders (employees, customers, suppliers) impacted by the incident.
O. Strengthen
We will provide clear recommendations to improve your security posture and help you manage action items.
Surefire Cyber’s Tech-Enabled Response Platform
Surefire’s delivery is built on a tech-enabled framework, delivered through a platform that aligns and connects each incident’s breach coach, carrier, broker, and client. Our platform:
- Provides convenient and secure 24/7 access through the mobile or web-based application
- Structures key decisions on response strategy
- Provides a real-time status view for all response activities
- Organizes work streams across technical teams, executives, lawyers, and responders
- Provides a one-stop solution to facilitate a breach response from onboarding through closeout
- Connects clients and carriers to post-incident products and services