If you have a business email compromise incident and you haven’t detected it in a timely manner, your first notification might be a bad experience: the threat actors may have committed fraud, attempted fraud, or simply launched a phishing campaign from your environment. If you are in this position, there are some steps you can take from a technical point of view to limit impact and reduce the risk of a re-occurrence. This blog is a high-level look at some of the tactical and longer-term activities you can conduct.
Read more “Post Business Email Compromise actions for Office 365 Users”
Drill, drill more and drill again
I’ve worked with hundreds of companies over the years, and one area I consistently see them struggle with is incident response drills. Sure, I see some board-level tabletop simulations, but nothing says “I’m ready” more than practising actual responses.
In tabletops, people mainly assume the log files exist, they assume the resources are there, they assume the best. I’m not a pessimist, but I assume breach and assume things will go wrong (even with preparation).
So, to help people, I put together an Incident Response planning toolkit workbook. This Excel document is a rough guide to different types of incidents and different horror levels (there’s a cool D00M-flavoured easter egg in there too). One thing, though: you will need to tailor this. BEC, for example, can be very simple to repel and remediate; however, the cost and impact of BEC can be huge (even if it’s a single mailbox), so take the numbers in here with a pinch of salt and tailor them to suit your needs.
Fail to Plan, Plan to Fail
Failing to plan for a cyber incident, whether large or small, is a surefire way to ensure you are planning to fail! So with this in mind, we thought we’d share a quick workbook to try and kick-start your mind into NOT planning to fail!
Read more “Cyber Incident Response – Have you planned to fail?”