COALITION INCIDENT RESPONSE
Get back to business with our trusted forensics expertise
Coalition Incident Response (CIR)* gives you the digital forensics and incident response (DFIR) team you need to take back control of your business.
THE CIR ADVANTAGE
Respond to incidents confidently
See how our affiliate, Coalition Incident Response (CIR), delivers expert investigation and support during the uncertainty of a cyber incident.
Experts with insurance experience
When engaged, the CIR team collaborates with an organisation's IT and response panel to help speed investigation and mitigate loss.
Advanced technology and threat intelligence
Depending on the type of incident, CIR can deploy advanced endpoint protection, detection, and response technology to assist customers. CIR also combines threat intelligence insights with proven forensics and analysis.
Limit potential incident costs
CIR can negotiate with threat actors when needed, deploys the latest digital forensics and incident response (DFIR) tools, and partners with leading cybersecurity providers to help minimise costs and mitigate financial and data losses.
Enhanced cybersecurity services
CIR offers post-incident monitoring to improve a business’s security posture after an attack. CIR also offers add-on service options, including Managed Detection & Response (MDR), incident response (IR) Tabletop Exercises, Customised Security Assessments and more.**
Experience that minimises cost and maximises security
1000s of incidents handled by CIR’s pressure-tested and experienced experts
52% of reported events handled with no cost to the policyholder²
44% of ransom demands that resulted in payment were negotiated down by CIR¹
+30 days: with CIR, policyholders can stay secure with at least 30 days of post-incident monitoring¹
RESOURCES
Active Cyber Insurance is a unified approach to digital risk
Prepare
Explore this primer on cyber incident response planning and guidance. See how the best way to prevent a cyber attack is to prepare for one.
Respond
Coalition’s claims team works closely with panel vendors, including CIR, to help policyholders recover.
Secure
Effective incident response doesn't stop with the investigation. See which services CIR can offer a business after a cyber attack.
FAQ
What type of cyber incidents does Coalition Incident Response (CIR) handle?
CIR is one of several vendors that policyholders can engage in the event of a cyberattack, including ransomware, business email compromise, funds transfer fraud, network intrusion, web application compromise, and more. Policyholders also have access to pre-breach support with incident response planning and tabletop exercises.
What is “digital forensics and incident response”?
Think of digital forensics and incident response (DFIR) professionals as the first responders for cyber attacks. DFIR is a cybersecurity profession that focuses specifically on identifying how incidents occurred and investigating them, as well as mitigating damage through expert remediation advice and services.
Can I use CIR if my business does not have a policy provided by Coalition?
Yes, CIR is an affiliate of Coalition that offers a myriad of cybersecurity services which are available to businesses even if they don’t have cyber insurance through Coalition Risk Solutions Ltd. Contact us today.
I have an internal IT team and a managed service provider. Do I still need Digital Forensics and Incident Response (DFIR) in the event of a cyber incident?
Even the largest companies with well-funded security operations will often benefit from assistance from DFIR partners in the event of a cyber incident. That’s because most internal teams and Managed Service Providers (MSPs) have less day-to-day experience handling live incidents. For good reason, most MSPs’ primary responsibility is to make sure their client’s IT environment is operational and the defensive technology is configured correctly, maintained and monitored. Digital Forensics and Incident Response (DFIR), on the other hand, is a specialisation within the cybersecurity field that focuses primarily on investigating, containing and remediating cyber incidents. Because of this, when organisations want help handling cyber incidents, bringing in DFIR specialists is recommended.
Additionally, in the event of a cyber attack there may be legal issues that your business needs to consider. If a business handles its own investigation, this could lead to improper handling or loss of evidence that is needed to fully conduct an investigation. Businesses that experience a cyber attack often hire an attorney to lead the investigation and direct the DFIR services vendor. This can help protect the business’s investigative findings in the event of litigation.
What are some things I can do right now to prepare my business for a cyber incident?
There are a lot of things businesses can and should do right now to be better prepared to respond quickly when a cyber incident is developing or when one strikes.
One of the most effective preparation measures for organisations of any size is a cyber incident response plan. There is tremendous value for an organisation in planning for a cyber incident to ensure internal stakeholders and decision makers have a trusted roadmap to guide them through the incident response process. The plan doesn’t need to be long or complex, but it should be tested to make sure everyone involved knows their role and how they support the process.
We also recommend reviewing the Cybersecurity & Infrastructure Security Agency (CISA) guidance. It’s organised by role, and provides clear and actionable recommendations for risk reduction. While it’s designed for small businesses, it’s applicable to organisations of any size and type.
For more complex organisations, we recommend using a more comprehensive framework such as the Center for Internet Security’s Controls, which can be customised to match your organisation’s risk profile. Many of these frameworks are free of charge and help internal teams handle the complexity of modern information security challenges. Learn more.
What is one recommendation to minimise the impact of ransomware on my business?
Maintain well-tested, routine, offline backups of critical business data. Businesses can avoid paying a ransom demand or losing data by implementing and testing offline backups so that in the event of a ransomware incident, restoration of such data is possible without the need to pay the cyber criminal’s demand.