It’s 8:00PM on a Friday, your work email isn’t working, applications are down, and you get a call from your head of IT to report that there has been a ransomware incident. This is just one of the many painful situations that we see on a regular basis, and through that pain, we often see organizations burning the midnight oil trying to get everything up and running by Monday morning. With this added stress, it is often difficult to focus on what’s most important when responding to an incident and looking across containment, forensics, and recovery efforts.
Typically, organizations see these functions as mutually exclusive items, where you either:
While all the response activities above are valid and important, at MOXFIVE, we focus on striking the right balance across the three primary functions – containment, forensics, and recovery. We find it imperative to find that equilibrium early on, so that the response efforts go as smoothly as possible.
Sometimes responding to these incidents might seem as mysterious as the Bermuda Triangle. We see them as part of a virtuous cycle – akin to a flywheel – where tying the three together creates momentum as the forensics, containment, and recovery efforts work together. As a result, you are able to respond to an incident more quickly and far more effectively. Here are some of the reasons why these three components must balance each other in order to build a smoother, more efficient process:
These workstreams feed off each other, creating a virtuous cycle that keeps spinning smoothly. If one of these functions carries more weight than the others, the process will drag and slow all the efforts tremendously. The more closely the containment, forensics, and recovery teams work together, the smoother the process throughout, and the faster the virtuous cycle spins. Therefore, if you ever experience a ransomware incident, focus on striking the right balance across these three functions, and you might be able to get back online on Monday morning safely.
Jeff is a technical cyber security leader who has helped build incident response teams and has led a large number of digital forensics and incident response investigations. As a technical advisor at MOXFIVE, Jeff has assisted clients in managing incidents and recovering their networks from cyber security attacks.
MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.
With experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.