

By: Karen Ting on January 20th, 2023


How to Respond to a Cyber Incident? [Video]


No one expects to be the next cyber victim, but on the off chance that your business does get hit, do you know what to do? Do your employees know how to respond? Rob Schenk lays out what to do when your business is faced with a cyber incident.



When an incident does hit your business, there’s no need to panic. Follow the four-step NIST Incident Response process, designed to protect your organization:

0:58 #1 Preparation 

Preparation is perhaps the most vital and work-intensive step of incident response. You will document, outline and explain your response team's roles and responsibilities. That includes establishing the underlying security policies which will guide the development of your incident response plan.   

1:23 #2 Detection and Analysis 

This involves the monitoring, detecting, alerting, and reporting of security events. The primary objective for this stage is identifying known and unknown threats and suspicious activity that seems malicious. In this phase, collecting log data is critical to identify how the incident occurred, its root cause, and the systems and data affected.

2:14 #3 Containment, Eradication, and Recovery 

The goal of this step is to stop attacks before they cause damage. Once a breach has been detected, containment of the compromised systems, networks, data stores, and devices ensures that the infection does not spread.

3:03 #4 Post-Incident Activity 

Once the threat is neutralized, it's vital to analyze how the incident happened to prevent another issue in the future. Post-incident activities include: (1) Reviewing and reporting on what happened, (2) updating your cybersecurity program with new information about what worked and what to improve, and (3) updating your IR plan with lessons learned.   


Responding to a cyber incident is no easy feat. If you're worried that your IT team or provider may not be able to properly contain the breach, we recommend you talk to one of our experts. We can discuss what your situation is and what next steps we can take to secure your business.   
