Cyber Incident Response Plan

Take the steps now to be able to recover from cyber attacks when they happen.

Our security engineers will be on site in a matter of hours.

If your ICT system has been compromised by malware or cyber crime, our skilled and experienced security engineers can get your system up and running fast.

We provide an annual Cyber Security Incident Response contract so that you know our roles and responsibilities during your next cyber attack. Our experts will take care of your organisation every step of the way.

Create your Incident Response Policy today.

We know that you handle sensitive data and we will help you protect it. Our security incident management team will investigate the incident and identify all security threats.

After the disaster recovery process, we will work with your organisation to protect your network from future cyber attacks.

If our incident management services can help your organisation, then let’s create an incident response policy today.


Our Process

We know what it’s like to go through a cybersecurity incident, and we will ensure that the process is carried out exactly as your organisation needs. We are here to help you recover from cyber attacks safely and quickly.

Our experts will be as non-intrusive as possible because we understand the importance of business continuity. We will work in the background, ensuring that all incidents are handled discreetly and quickly. Should it be possible, subject to the nature of the attack, Gaia will attempt to restore your key infrastructure as a priority.

Our Cyber Security Incident Response Plan

One of our experts will arrive at your site within hours of the incident because disaster recovery is easiest when it is addressed quickly.

We will perform a forensic investigation so that we can identify where your network was penetrated.

After the investigation, we will provide you with an incident report that outlines the following details:

  • Identify a suspected cybersecurity incident.

  • Establish the objectives of any investigation and clean-up operation.

  • Analyse all available information related to the potential cybersecurity incident.

  • Determine what has actually happened.

  • Identify which systems, networks and information assets have been compromised.

  • Attempt to establish, wherever possible, who carried out the attack or where it took place, i.e. which threat agent or agents, and why, e.g. financial gain, hacktivism, espionage, revenge, challenge or just for fun. Work out how it happened, e.g. how the attacker gained entry to the system. Unfortunately, modern hackers are very sophisticated and this might not be possible.

  • Determine the potential business impact of the cybersecurity incident.

  • Undertake the required remedial activity, including removing viruses, removing porn and other foreign data, restoring website operations, closing breaches, reconfigurations, and rebuilding servers using the last backup data.

Our Incident Response Procedure
Identify the cybersecurity incident
The most challenging part of the incident response process is accurately detecting and assessing possible cybersecurity incidents. Our experts will identify where the incident has occurred, the type, extent, and magnitude of the problem.
Assess the situation
Each investigation begins by gaining an understanding of the current situation. How was the issue detected? What data has been collected? What steps have been taken? What does the environment look like? This will help us identify the problem and fix it quickly.
Perform analysis
Based on the evidence and the client’s objectives, our team draws on skills that range from forensic imaging to malware and log analysis in order to determine the attack vector, establish a timeline of activity and identify the extent of the compromise.
Provide management direction
During each investigation, we work closely with our client management team to provide detailed, structured and frequent status reports that communicate findings and equip our clients to make the right business decisions.
Verify client objectives
The next step is to define practical and achievable objectives. The goal is to identify data loss, recover from the event, determine the attack vector, and identify the attacker. We can also create a comprehensive plan to reduce risk of future security threats.
Develop remediation plans
As part of an investigation, we will deliver a comprehensive remediation plan and assist with the implementation.
Collect evidence
The Gaia team will follow the steps of our policies and procedures very carefully so that we can fully document the entire incident. This allows us to collect information that could potentially be used in the event that you need to contact law enforcement.
Develop investigative reporting
We then provide a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences. This will be in the form of a RAG report as well as any documentation that the police may require.
Recover systems, data and connectivity
Types of Cyber Attacks
  • Malware
  • Phishing
  • Password Attacks
  • Rogue Software
  • SQL Injection Attacks (SQLi)
  • Man in the Middle (MITM)
  • Drive-By Downloads
  • Malvertising
  • Denial-of-Service (DoS) Attacks