(ID999) INCIDENT RESPONSE - Tel: UK 0044 1732 897 601

Breach / Incident Response (ID999)

Year of the breach

Few events can damage a company’s brand and the trust of its customers more than a data incident, defined as either the loss or misuse of customer data. As stated by Zappos CEO Tony Hsieh following the breach of their 24 million customers, “We have spent over 12 years building our reputation and trust, it is painful to see us take so many steps back due to a single incident.”

2011 was highlighted as the “Year of the breach” due to the high-profile cyber breaches that were experienced by both large companies such as Sony and smaller organisations worldwide. Many of the breaches including Sony, Epsilon, RSA and NASDAQ, were due to external attacks, including server exploits and passwords compromised via phishing and forged email. Other data loss incidents resulted from lost notebooks, hard drives and files erroneously sent in email or posted on public sites.

The statistics

According to the Verizon 2011 Data Breach Notification report, 50% of all data breaches were through hacking (up 10% over 2010) and 49% incorporated malware (up 11% over 2010). Most alarming is that 96% were avoidable through simple steps and internal controls.

This report provides further insights into where to focus counter measures, revealing that while hacking constituted 50% of the breaches, these incidents represented 76% of the records. Surprisingly, physical attacks (where the attacker is using a computer at one of your locations, as opposed to a remote, or “cyber” attack) continue to rise significantly, with 29% of breaches involving physical attacks (up 14% over 2010).

The ID999 service

BII's ID999 team of first responders started out with incident response consultants and forensic investigators in 2005 providing ad-hoc service when required. The demand for post incident services grew rapidly in London UK and has since expanded across Europe and North America. Spurred on by continual cyber-criminal activity and ever increasing malware threats many organisations have now chosen BII as their dedicated cyber security partner.

Incident response and incident management as a whole has moved towards more mature phases of development. Although there are still new teams forming, many existing teams are focusing on increasing their responsiveness and improving effectiveness none more so than BII. 

Having developed further understanding of missing layers in the preperation and delivery of digital forensic services BII developed ID999 which encompasses the following components:

Pre-incident services

  • Forensic awereness training.
  • Forensic readiness planning (consultancy & documentation).
  • Internal and external vulnerability pen tests (see PREA).
  • Forensic incident response plan (documentation bespoke to organisation).
  • Policy and incident real-time scenario stress testing.

Post-incident services

  • Incident room (telephone, email, remote support).
  • Forensic first response.
  • On-site forensic examinations.
  • Off-site investigations, reporting and courtroom testimony .

Sign up for ID999

BII's ID999 service was created in response to retained services with a London based crisis management company. The service is proactive (assessment and mitigation) as well as reactive in nature. As your dedicated incident response team BII adds assurance through multiple verticles including external public relations assistance if required. 

ID999 is an annually retained service bespoke to your business. Having combined experience disinfecting systems, running forensic examinations and protecting corporate reputation, BII is positioned to add real value and reassurance. ID999 can reduce your business cyber risk exposure utilising our proactive assessment services whilst also being on call for any incident that may occur in or out of business hours.

Please contact us today for more information.

Metrics

ID999 are developing internal quantitative and qualitative methods for benchmarking operations and measuring forensic response success. The ID999 baselines help identify requirements, components, services, and processes for successful incident response or incident management. Mechanisms will also be needed to help plan a path of improvement so that teams can not only identify and understand the current state, but define the desired state and a path to reach that state.

With this intelligence BII can help identify trending risks to the team's mission success, determine a strategy for change and improvement, and ultimately improve the overall security posture of the organisation we are working with.

Whitelabel service

BII's ID999 service is now white-labelled by IT support companies, IT resellers, Security vendors, Incident response organisations and global Insurance companies. If your organisation would like to add ID999 or aspects of our service delivery to your own business portfolio then please get in touch today.