A single phishing email, ill-intentioned employee, or IT misconfiguration can spell disaster for organizations both large and small. Cyber incidents like these can result in significant losses for an organization due to theft of sensitive information including intellectual property and confidential data, brand and reputation damage, significant impacts to customers and partners, as well as direct financial losses and penalties. Deloitte’s elite team of cyber incident responders empower customers to minimize the impact of these incidents to business operations, safeguard sensitive information, and ensure a successful recovery in the wake of a cyber incident.
Full-blown cyber incidents call for the deployment of Deloitte’s incident response experts to defend your organization from threats that include infection by ransomware and other malware, device loss, insider threats, IT misconfiguration, data theft, and espionage. Deloitte’s worldwide presence in 870 locations across 150 countries means that time-sensitive incident response operations can be rapidly carried out. These operations follow a common, agile approach that consists of intake, identification and analysis, containment and eradication, and finally post-incident activities. Throughout this process, Deloitte’s crisis management staff works alongside technical incident responders to understand the nature of the incident, determine its impact to business operations, assist with internal and external communication, and provide guidance to executive leadership.
IntakeThe intake phase involves the implementation of processes and measures to prepare for cyber incidents. These processes involve the definition of roles, responsibilities and communications channels, as well as ensuring that attacks can be detected and remedied through technical measures.
Identification & AnalysisThis phase includes detecting cyber incidents and determining their impact to the business. In addition, a technical review of the entire incident takes place in order to understand the context of the incident and minimize the risk of such incidents in the future. This is accomplished through forensic analysis of computing and networking devices, analysis of network traffic, malware analysis, and additional techniques.
Containment & EradicationThe third phase allows for the development of technical and procedural measures to keep the incident from spreading to other parts of the infrastructure. Using the analysis from Phase 2, the team works to eliminate the ongoing threat to the organization.
Post-Incident ActivityAfter Phase 3 is completed and the organization has returned to business as usual, the incident is fully analysed in consultation with all stakeholders. Technical and procedural strategies are recommended to more effectively defend against and respond to similar threats in the future. Additional activities can be planned to improve the cyber resilience of the organization, including awareness-raising campaigns or the implementation of technologies that can mitigate cyber risk.
Deloitte offers a wide range of incident response services, including:
- Individual Incident Response Engagements to address a specific incident that a customer is experiencing.
- Retainer-based Incident Response, which ensures a rapid response to incidents regardless of where in the world the incident is occurring through Deloitte’s global network of incident responders. For retainer clients, incident response experts are available 24 hours a day and 7 days a week, which means that rapid resolution to incidents is only a phone call away.
- Breach Indicator Assessments, which allow for the proactive hunting of threats on customer networks using advanced sensor technology and leads to the mitigation of discovered threats.
- Capability Assessments that measure a customer’s native ability to respond to cyber incidents and provide valuable, specific insight into how to improve the organization’s capabilities and overall resilience to cyber threats.
- Training to improve the in-house proficiencies of a customer’s incident response team.