CYFOR has a team of incident response specialists who operate 24/7 on an international scale
CYFOR have a fully security cleared Incident Response Team, who are on standby 24 hours a day. They are experienced in responding to search & seize orders, last-minute instructions and data recovery using forensically sound methodology. Operating internationally, we provide a fast and effective response to ensure preservation of evidence, which is critical to the success of any investigation where digital evidence is scrutinised.
CYFOR was contacted by a leading financial institution via our 24 hour emergency number to investigate a laptop containing highly sensitive data that had been stolen but subsequently recovered.
The implications of the data being compromised were huge to the business. The business would have suffered from significant adverse media attention, clients would need to be informed and they were obliged to inform at least two regulators. The overall cost and impact would have been significant and fines and damages could have been anywhere up to £500,000 and beyond.
The organisation instructed CYFOR to undertake an investigation of the recovered laptop. As a result of our investigation, we were able to demonstrate that the data had not been compromised and the organisation were able to report this to their regulators.
The investigation was concluded within 24 hours, reports were provided to the regulators swiftly demonstrating corporate governance and effective response on behalf of the client. There was also no requirement to notify third parties as no data was lost. The regulators were satisfied that the organisation reacted appropriately and diligently, therefore fines were reduced significantly.
Actual cost to the client – under £10,000
Maximum cost potential – £500,000 +
At CYFOR we understand the time critical element of security incidents. Our experienced team of investigators is available 24 hours a day via our emergency response number (0800 169 4442) to respond to nationwide incidents. We follow proven methodology in approaching each incident:
Lock-down: Perform the actions necessary to prevent further damage to the organisation and mitigate business risk.
Preserve evidence: Forensically capture data on compromised or affected systems.
Investigate incident: Use forensic and information security tools to determine source of attack and capture perpetrator.
Management report: Provide a full log of investigation undertaken and the results of this investigation.
CYFOR would also recommend that if an incident response policy isn’t in place, a readiness review is undertaken. We would also propose that the organisation undertakes regular vulnerability assessments to minimise future security risks and provide information assurance.