Incident Response – Talk about bad timing!

In response to Clive’s Blog on Smart Thinking about incident response – he couldn’t have picked a worse time. Right in the middle of putting together and planning some of the largest projects we have in the pipeline and organising the day-to-day support work – I did not want to play! (Clive said he wouldn’t censor this!)

However, just like Clive, a hacker wouldn’t care about my calendar.

Incident Response - I have a Virus! — Incident Response – I have a Virus!

Your incident response plan needs to be ready to go… whenever.

So I got on with the incident response training exercise.

I was able to change the relevant passwords and documented the effects. I have also updated our Incident Response plan to highlight the people responsible for each service we use. The procedure in which passwords are changed and sent to the relevant parties has been made more secure. How? Well that is a secret, shared between us and any of our clients who buy into our cyber security framework. We do not want to share that information in an open blog post, where threat actors using a bit of OSINT could find out about it!

Not sure what OSINT is? Have a read here to find out how your most innocent of social media posts could let the hack into your organisation:

The Basics of Cyber Security – A quick look at OSINT and Redacting

Why I do not like “Meet the Team” web pages

What next for our incident response training?

We will be having some more meetings on this but it just proves that in order to have business continuity and mitigate any potential threats there should be a procedure for incident response in your organisation and remember prevention is better than cure. Staff training on cyber security is key because no matter how much tech we have in place for getting this under control it is almost always human error that leads to a successful hacking attempt.

CyberAwake

Our services such as CyberAwake and our user training programmes can help train and test your staff with simulated phishing attacks to educate them on the correct response.

All organisations should have an incident response plan in place, if you or anyone you know would be interested in this then please get in touch.

Martin Mayes – by-line and other articles

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_141969298_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

Your incident response plan needs to be ready to go… whenever.

What next for our incident response training?

CyberAwake

Further Reading