Tech Check

Incident Response

Incident response is the set of procedures and policies used to address, manage and eliminate cyber-attacks and security breaches. Through incident response, your organisation can detect security attacks quickly and minimise the damage. What’s more, incident response can help prevent future attacks of a similar nature.

Why is incident response important?

Organisations across a wide variety of sectors use technology on a daily basis. However, with deeper technology integration, remote working and many other factors, new cyber security threats keep emerging. Any malicious activity that is not properly contained within a secure environment will usually escalate into a bigger problem, resulting in a damaging security breach with potentially disastrous consequences for your organisation.

Incident response allows an organisation to be prepared against these potential attacks and can be relied upon to identify security threats immediately.

Types of security incidents

Here are just some types of security incidents that could affect your organisation:

  1. DoS attacks - A DoS (Denial-of-Service) attack floods a website with traffic, typically generated by bots, in an attempt to crash the whole system so that no real users can access the site. Sometimes these floods are run intentionally in order to test the resilience of a system - this typically occurs on larger consumer-facing websites.
  2. SQL injections - SQL (Structured Query Language) injection is when a hacker tries to manipulate a company’s database by submitting malicious SQL to the server. The aim of this type of attack is normally to obtain sensitive customer information, which can include credit card numbers.
  3. Malware - Malicious software, also known as malware, infects and encrypts crucial business files across the whole corporate network. Its more recognisable forms are viruses, trojan horses and spyware - each can have huge consequences for your business.
  4. Phishing - Phishing attacks are unfortunately becoming more and more common. This type of security incident is mainly due to human error - this is where employee training is crucial, so that staff know not to click on any suspicious link and a potential phishing attack is prevented.

The 6 phases in an incident response plan:


In any incident response plan, preparation is key. This phase of the plan will typically include employee training and developing security incident scenarios to ensure everyone knows the correct procedures if an incident occurs.

Identifying the breach

Phase 2 is identifying and determining whether you’ve been breached. As an incident or breach could originate from many different areas, it is important to consider the following questions:

  • Has the source of the incident been identified?
  • How was it discovered and by whom?
  • Have any other areas been affected by the incident?
  • What procedures do you need to invoke following the incident?

Reduce the spread

When the incident is discovered it is important not to panic and delete everything – this could be important evidence in a potential investigation. Instead, it’s best to contain the breach so it doesn’t spread further or cause any long-term damage.


Once the breach has been contained the next step is to find and eliminate the root cause. Any malware should be removed at this stage and systems should again be hardened, patched and updates applied.


Following on from eradication the next thing to consider is the recovery process. This means restoring and returning affected systems and devices back into your business environment. It’s now a good time to think about getting all systems back up and running, if it is safe to do so.


After the investigation is complete and all systems are safe and secure, it’s good to discuss what has been learned from the data breach and how this affects the incident response plan. At this stage you can determine what worked well, what didn’t work so well and what could be changed moving forward in order to maintain a safe and secure environment.
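The six phases above are easier to follow in practice when the order and its preconditions are written down somewhere the responders actually use. The tracker below is an added example, not code from the original page or from Tech Check: it models the phases as an ordered state machine, records the four identification questions as a checklist, and refuses to move into containment until every question has an answer and evidence has been preserved (the "don't delete everything" point). The phase names, the checklist keys, the `Incident` class and the sample phishing incident are all assumptions made for this example.

```python
"""Minimal incident-response phase tracker (added example, not the page's code).

Assumed model: the six phases listed on the page, in order, with a guard that
identification must be complete and evidence preserved before containment.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed phase names, in the order the page presents them.
PHASES = ["preparation", "identification", "containment",
          "eradication", "recovery", "lessons_learned"]

# Checklist keys for the four identification questions on the page (assumed names).
IDENTIFICATION_QUESTIONS = [
    "source_identified",     # Has the source of the incident been identified?
    "discovery_method",      # How was it discovered and by whom?
    "other_areas_affected",  # Have any other areas been affected?
    "procedures_invoked",    # What procedures need to be invoked?
]


class PhaseError(RuntimeError):
    """Raised when a transition would skip a phase or break a precondition."""


@dataclass
class Incident:
    name: str
    phase: str = "preparation"
    answers: dict = field(default_factory=dict)
    evidence_preserved: bool = False
    timeline: list = field(default_factory=list)

    def log(self, event: str) -> None:
        """Append a timestamped entry tagged with the current phase."""
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.timeline.append(f"{stamp} [{self.phase}] {event}")

    def answer(self, question: str, value: str) -> None:
        """Record the answer to one identification question."""
        if question not in IDENTIFICATION_QUESTIONS:
            raise ValueError(f"unknown identification question: {question}")
        self.answers[question] = value
        self.log(f"answered {question}: {value}")

    def preserve_evidence(self, description: str) -> None:
        """Note that evidence was captured; the actual export happens elsewhere."""
        self.evidence_preserved = True
        self.log(f"evidence preserved: {description}")

    def missing_answers(self) -> list:
        return [q for q in IDENTIFICATION_QUESTIONS if q not in self.answers]

    def blockers(self) -> list:
        """Reasons the incident cannot yet move to the next phase (empty if none)."""
        idx = PHASES.index(self.phase)
        if idx == len(PHASES) - 1:
            return ["already at lessons_learned"]
        if PHASES[idx + 1] == "containment":
            problems = [f"unanswered: {q}" for q in self.missing_answers()]
            if not self.evidence_preserved:
                problems.append("evidence not preserved; do not delete anything yet")
            return problems
        return []

    def advance(self) -> str:
        """Move to the next phase in order, or raise PhaseError with the reasons."""
        problems = self.blockers()
        if problems:
            raise PhaseError("; ".join(problems))
        self.phase = PHASES[PHASES.index(self.phase) + 1]
        self.log("entered phase")
        return self.phase


def run_sample_incident() -> Incident:
    """Walk a constructed incident through all six phases in order."""
    inc = Incident("constructed sample: phishing email led to credential reuse")
    inc.advance()  # preparation -> identification
    inc.answer("source_identified", "phishing email to finance mailbox")
    inc.answer("discovery_method", "user reported the link to the helpdesk")
    inc.answer("other_areas_affected", "one shared drive, no servers")
    inc.answer("procedures_invoked", "IR plan, notify IT lead")
    inc.preserve_evidence("mailbox export and endpoint disk image")
    for _ in range(4):  # containment, eradication, recovery, lessons_learned
        inc.advance()
    return inc


if __name__ == "__main__":
    for entry in run_sample_incident().timeline:
        print(entry)
```

The guard is deliberately placed on the transition into containment rather than on the destructive actions themselves, because the page's warning is about responders acting before the identification questions are answered; the timeline doubles as the record you will want when writing up the lessons-learned phase.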