03 September 2020
Incident Response - taking stock
The recent Distributed Denial of Service (DDoS) attacks on the NZX are a clear demonstration of how cyberattacks adversely impact business operations causing reputational and financial damage.
Some New Zealand organisations may not have any measures in place to prevent a DDoS attack, and possibly do not see a strong business requirement to protect their online services from such an attack. However, this unfortunate event should act as a timely reminder that all organisations should take stock of their Incident Response (IR) plans and the associated execution processes, in the event of any form of cyberattack.
The benefit of having a comprehensive IR plan is that you can improve the speed and effectiveness of your team in dealing with a real-life incident.
Our Incident Response experts can assist an organisation to develop an IR plan or refresh the key components of an existing IR plan.
To ensure the IR plan execution steps are clearly understood, we can formalise the IR roles and “war room” structure, walk through an IR scenario using a sample playbook and prepare suitable supporting IR documentation, including a library of our 18+ IR playbooks.
Click Here to view our Execution Pack.
For those organisations that want to quickly start an actual incident response process without requiring in-house expertise, we have a First Responder Forensic Toolkit (FRFT) available. Having the FRFT onsite means that within minutes you can react to a potential incident and start collecting the data necessary to complete an initial triage exercise, which is paramount in conducting an effective investigation during incident response.
View the FRFT Infographic
View a previous article – In the Event of a Breach Time is of the Essence
CERTNZ seeing growth in the number of reported incidents
The recent release of quarterly reporting from CERTNZ (the body that supports New Zealand businesses, organisations, and individuals affected by cyber security incidents) shows a significant increase in incidents reported so far this year (3,102), compared to the same period last year (2,189).
The report outlines that the reason for the increase in activity was likely to have stemmed from more people using technology in the lockdown period, improving user awareness of cyber threats, and more cybercriminal activity.
Some of the incident categories tracked include – phishing and credential harvesting, scams and fraud, unauthorised access, ransomware, and denial of service.
Click Here to view the report and sign up for CERTNZ updates.