Fast, Effective Response When You Need It
CSA’s team has the ability and knowledge to deal with any cyber attack from advanced targeted attacks to less sophisticated attacks that bypass your existing security infrastructure. Whilst we focus on ensuring robust strategies for our clients, we are also on hand to support when the worst happens, we can take control and eliminate the threat, quickly and efficiently. In the unfortunate event of a cyber attack, it is essential to get the right support quickly to get a clear understanding of the situation and control the breach in order to put in place an effective incident response plan.
Our Crisis Response Methodology
If a cyber incident or breach should be discovered or suspected, it is critical that rapid and expert techniques are utilised to validate, investigate and remediate.
We follow a proven crisis response methodology when approaching each cyber incident, ensuring that our clients are back to business as usual with minimal disruption and downtime.
Crisis Response Process
CSA’s Incident Response Process
Crisis Response Process
CSA provides 24/7 on-call initial response support to cyber incidents via a phone-call or video conference, typically involving email investigations.
We utilise our full suite of tools to correlate and analyse your data to determine the scope of the incident and identify ‘systems of interest’ to ensure that the investigation is focused on the relevant systems first.
CSA will advise on the providers that can deploy to your location to assist in any containment and response activities.
Isolate and Protect
Systems of interest are tested using a range of tools to identify anomalies and focus the investigation on specific ‘hosts of interest’.
After thorough investigation, CSA will deliver a full report detailing:
Summary of findings
Recommendations to contain or remediate for the short and long term
CSA will deploy AppGuard onto an infected IT infrastructure to isolate and stop a malware infection from spreading further.
Crisis Response Capabilities
Any company that falls victim to a cyber attack will find it difficult to resolve on their own without the right guidance and tools. For any cyber attack, timing is crucial. At short notice, CSA implemented its crisis response capabilities to assist a large transport haulage company who had been victim to fraudulent financial transactions. At the time, it was unknown how large sums of funds had been paid to the cyber-criminal instead of legitimate suppliers, but CSA's swift response soon got to the bottom of it.
Incident Response Planning and Implementation
Information security incidents need to be approached with a timely and well-coordinated response to maximise recovery when multiple stakeholders are involved. CSA facilitated the design, development, implementation and testing of a full incident response capability for a large UK Nuclear client.