Cybersecurity Incident Response Team
The moment a cyber incident is identified and confirmed, the clock starts on the period during which the organization records potential losses. This time is particularly important when the target of an attack is personal data, a key service or a digital service. In this case, organizations are subject to overarching legal requirements that define how to deal with an incident and also require reporting a security breach. This time should be spent on eliminating the opponent, identifying and understanding the problem, identifying the attacked systems and data, and confirming whether they have been disclosed. Forensic BLUE Energy specialists provide our clients with knowledge and tools that make it possible to determine the scale of the problem and restore normal operation. Thanks to an interdisciplinary team, methodology and technology, we provide quick reporting and comprehensively support clients in their contacts with CSIRT, UODO or law enforcement authorities.
The most common errors in the IT area of the audited organizations
Forensic BLUE Energy specialists follow a proven and improved procedure when a cybersecurity incident occurs. The procedure begins with an assessment of the situation and an interview with the client. An investigation then begins to identify gaps and discrepancies between the desired and target state of the attack subject. At this stage, engineers segregate, secure and analyze the evidence that confirms the cyber incident. At the same time, work is underway to implement countermeasures. When the subject of an attack is personal data, key or digital systems, the subject, scope, range and impact of the attack are also analyzed, and when legal requirements require informing the supervisory authorities about the attack, appropriate documentation is prepared. Additionally, crisis communication is developed at the client’s request. The entire process is coordinated by the appointed crisis team, which includes representatives of the client and BLUE Energy experts.
Pursuant to the Act on the national cybersecurity system, the operator of a key and digital service is required to report an incident considered serious, or one with a defined severity threshold, to the appropriate CSIRT immediately, and no later than 24 hours from its identification.
Pursuant to the Act on the Protection of Personal Data, the Data Controller is obliged to report a breach of personal data protection to the Personal Data Protection Office no later than 72 hours after the identification of the event. In the event that the rights or freedoms of the persons whose data were leaked have been lost, the Data Controller is also obliged to inform these persons.
Moreover, there are a number of sectoral regulatory requirements that impose obligations related not only to the notification, but also to the handling of the incident or the appropriate securing of evidence.
After the service is launched, a crisis management team is convened. The team usually meets remotely by teleconference. At this point, a decision is also made on whether to send forensic engineers to the client’s location (if necessary).
Investigative activities are carried out in accordance with the cybersecurity incident procedure.
Provision of post-incident analysis, regulatory documentation, conclusions from performed tests and a report on corrective actions.
Organization of a closing meeting to assess the consequences, successes and areas for improvement.
Our wide range of services can help you tackle various aspects of cyberthreats while supporting your organization through proactive education on current threats, process improvements, and risk mitigation. It is important to identify exactly how the cyberattack originated to ensure that the attack is not repeated. The Cybersecurity Incident Response Team is ready to provide the assistance you need to recover and restore your organization to full operational efficiency.