Cyberattacks: the key stages of incident response

What strategy should you adopt when a cyberattack paralyzes your organization? Each situation is different, but with a little flexibility and solid expertise, every company can get the support it needs to restore its systems.

Support calls are increasing, security tools are flooding you with alerts, your company’s IT systems are no longer responding… There is no doubt, your organization is in the grip of a cyberattack.

“The question is no longer: are we going to be attacked? But, when?” If you are a cybersecurity professional, you must have read this sentence multiple times. But this time, you know when, and it’s happening now!

What you may not know, however, is how to react to such an attack, when your IT is paralyzed, and with it, your company’s operations. The bad news is that there is no universal solution to resolve this type of situation, as each company and each IT system is different.

The good news is that there is a proven methodology that has a 97% recovery success rate.

How you can call 999 in the event of a cyberattack

Dell has set up an incident response and recovery service designed for this type of situation. Organizations can call our team of cybersecurity experts at any time, whether they are a Dell customer or not, for assistance in the event of a cyberattack. We have supported dozens of organizations affected by cyber incidents, with a series of best practices that we adapt to the specific constraints and setup of each company.

For help in the event of a cyber incident: call (+44) (0)800-145-6098 if you are based in the UK or email incident.recovery@dell.com.

Additional numbers for other countries are available here.

When an organization calls the emergency number for cyberattacks, it is immediately put in touch with level 1 support, who collect the initial information needed to understand the context (company details, extent of the attack, etc.) and then pass it on to the IRR (Incident Response and Recovery) team. In less than two hours, the IRR team contacts the organization to gather deeper information (the mix of infrastructure, actions already taken, possible partners and ecosystem involved, existing safeguards, etc.), estimates the resources needed to resolve the problem and proposes a tailor-made response.

An agnostic and flexible approach

This initial investigation makes it possible to determine which of our experts are in the best position to resolve the incident. Hackers exploit every possible vulnerability, regardless of the type of infrastructure. Therefore, technical assistance must also be perfectly agnostic, whether in terms of brands or technologies.

We have cybersecurity specialists within the team of course, but also experts in virtualization, network, storage, cloud, backup, Active Directory, workstations, etc. These are very diverse profiles, who can work on site or remotely, depending on the needs of the organization, and intervene quickly anywhere in the world.

We can then move to operationalize an action plan for full system recovery. The key here is flexibility. We have a methodology that our experts can deliver end-to-end, taking care of operations themselves. We can also give more control to the customer’s internal teams or collaborate with their partners, providing advice and support.

Finally, our experts can use the tools in place at the client’s premises or use our own tools during the intervention.

Tracking down intruders

It is also important to understand that the different stages of this methodology do not take place sequentially, but in parallel: threat hunting, eradication, reconstruction, forensics, reinforcement. The goal is to get the business back up and running as quickly as possible, while implementing enhanced security to prevent the incident from happening again.

The threat hunting and forensics stages consist of recovering as much information as possible (telemetry, logs, etc.) to analyze the attack, detect all the threats hidden within the IS and understand how the hackers got in. Some companies have already identified the vulnerability, while others need help to get back on track. This understanding is essential for eradication, which aims to ensure that intruders are no longer present in the systems and that the attack is not repeated when the machines are rebooted and the network reinstated.

“Reconstruction does not simply aim to restore what exists, but to provide the organization with a higher level of security.”

Rebuilding new foundations

In parallel with our investigation and cleansing work, machines can be rebuilt to provide a functional and safe infrastructure that will allow you to restart your critical systems as quickly as possible. This process does not simply aim to restore what exists; it also provides the organization with a higher level of security by strengthening your monitoring and detection capabilities, ensuring compliance with the European cybersecurity directive NIS2 and following the guidance of national security bodies.

Finally, beyond the purely technical approach, a cyberattack also involves legal obligations and procedures with insurers. These require incident reports to be provided, and our methodology includes support for these communications.

The best response: being prepared

Obviously, to respond as effectively as possible to an emergency, the best strategy remains being prepared. If you are still in the situation where “you know you will be attacked, but you don’t know when”, you need to prepare yourself!

The Incident Recovery Retainer Service is broken down into two phases. The first is a 40-hour package to review the entire IT system: the infrastructure in place, the interdependencies between sites, backup tools and methods, cyber insurance, governance, etc. This analysis is meticulous and is initially used to make recommendations for improvement to the IS security, but it also considerably accelerates phase 2.

The second phase is triggered when an attack actually occurs. All facets of the incident response and recovery service are then activated, and because phase 1 is already complete, we understand the customer’s IS and know how to proceed. Action can be taken immediately, thanks to a package of 120 or 240 hours of prepaid service. Without the proactive phase, the analysis takes on average 24 hours to complete, and when business operations are at a standstill, every hour lost can have a significant business impact.

Learn about our proactive incident response and recovery retainer service, and get prepared today.

About the Author: Julia Lelong

Team Lead / Intake & Solution Lead – EMEA Cybersecurity IRR