Incident Response (IR)

Listen to a recent webinar recording and learn how an Incident Response (IR) plan, if properly executed, will significantly reduce the risk and exposure to your clients and your firm.

More often than not, after an event has been detected and its root cause is determined to be of malicious origins, many organizations may find themselves unequipped to respond appropriately. BW Cyber’s Incident Management team can assist by providing an experienced IR coordination to manage the process. The team will advise applicable parties who can accurately assess the incident, including coordinating with the organization’s IT, privacy counsel, cyber insurance parties, and if applicable, law enforcement. The Incident Management team will provide guidance to make timely decisions on the appropriate course of action to reduce any potential financial or reputational impact.

Download this 2-page guide and learn key things asset management executives need to know about cyber Incident Response.

Digital Forensics

We possess the expertise to provide immediate, on-demand forensic support in all cyber breaches. We quickly identify what happened, how it happened and when the breach occurred. This is an area where our deep technical expertise and strong industry experience (e.g., coordination with law enforcement) are critical to success.

  • Business Email Compromise (BEC) – compromise of a user’s mailbox
  • Cloud Compromise – compromise of cloud-based infrastructure or subscribed public services (i.e., Microsoft O365)
  • Insider Threat – a malicious threat to an organization that comes from trusted people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data, and computer systems.
  • Network Compromise – compromise of the internal network
  • Ransomware – potentially a component of either network or cloud compromise, an event which leads to data being cryptolocked and held for ransom by a malicious actor demanding anonymous payment for decryption keys

Incident Response Tabletop Exercise Training

BW Cyber Incident Management team can also lead a live IR Tabletop Exercise with key Cybersecurity IR Stakeholders to train and test the use cases most likely to affect the organization. A key takeaway from the IR Tabletop Exercise is that any shortfalls related to checklists or procedures necessary to support an IR investigation can be applied in an updated revision to the IR Plan. Key benefits of the IR Tabletop Exercise include:

  • Understanding of common IR scenarios
  • Understanding of how to use IR Plan checklists and manage response time metrics for all key phases within each scenario.
  • Understanding the who is response to oversee and follow the structured processes for meeting cadence, call trees, and associated project administration (e.g., action items, due dates, etc.)
  • Understanding how and when to use Out-of-Band communications
  • Ransomware – potentially a component of either network or cloud compromise, an event which leads to data being cryptolocked and held for ransom by a malicious actor demanding anonymous payment for decryption keys
  • Understanding of all critical 3rd parties who need to be aware of the IR plan ensuring they understand their supporting role and related response times in the event of an actual Cyber Incident

Read Our Latest Case Studies