What is Post Breach Incident Response?
Post-breach Incident Response is the process of responding to a security breach after it has happened. This can be historical, and you are only just learning about it now, or it might have just happened. You may have no idea what has happened to you or your company, and this can be perfectly normal. Many of our previous clients have noticed some unusual activity and called us in to assess and assist.
We will support you through the incident, and work out exactly what is happening, how far it extends, and how to contain and eradicate the attack. We understand how confusing and traumatising these events can be, and will work with you throughout the recovery process to minimise the impact of the breach, assess the extent of the damage, and complete root cause analysis to allow you to prevent similar incidents in future.
We will detect and analyse unusual or malicious activity, determine the scope of the investigation, and take steps to restore your systems to a secure, working state. We will review the entire system to look for additional Threat Actor activity and potential lateral movement to identify the potential harm that could be caused to you or your business.
What should I do first?
If you have been affected by a breach or unusual unexplained activity, leave the device powered on and isolate it from the internet and any connected networks. Then make contact with the Incident Response Team at Pragma for an initial case discussion and scoping.
To seek professional support from Pragma email [email protected] and we will respond within the hour to provide specialised support. If you are already a Pragma Incident Response Retainer Customer, please link in directly with your point of contact for immediate support.
Do I have to do anything?
The decision of whether you should do anything is likely to be an easy one because a lack of action will likely lead to the complete compromise of your network and potentially your business. Without specialist assistance the Threat Actor may still have access to your data and export personal information relating to customers. Many global regulators have imposed significant fines on firms who fail to protect personal data from unauthorised access, disclosure, and loss. Pragma can work with you to take reasonable steps to minimise the effects.
Why use Pragma?
Pragma provides expertise and resources that many companies can lack. When a breach occurs, time is of the essence. The longer a company waits to respond, the greater the damage and the more difficult it is to recover. We have the experience, skills, and tools to quickly identify and contain the attack, minimise damage, preserve vital evidence, and restore operations. We can also help prevent similar future attacks by identifying vulnerabilities and implementing security measures.
Successful root cause identification allows us to work with you to develop effective and sustainable solutions to prevent future incidents from occurring. Our digital forensic investigation will often identify the Threat Actor activity in the affected systems and can provide valuable insight into data that has been exfiltrated during the incident. This can be vital in the identification of reportable data when considering whether an incident is notifiable under local law.
You will be allocated a single point of contact and we will provide you with regular updates in easily understandable, non-technical language when required. Our forensic Incident Responders will work with you from an early stage to help you to effectively contain the incident and identify a scope for the investigation. We will provide valuable support throughout the incident providing regular simple to understand updates on the findings.
Our Incident Responders are extremely experienced in these matters and come from a mixture of law enforcement, military, and private sector backgrounds to provide a wealth of experience. Our forensic processes are certified by CREST, the de facto standard for the cyber forensics industry.
Where are Pragma based?
Pragma is a global company with sites in Singapore, the United Kingdom and Australia. We have responders around the world and will be able to support you through your incident wherever you are located.