Incident Response and Forensics

What is an Incident?

Incidents can be hard to recognize. An incident may best be described as an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits, or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. The following is a short list of typical incidents:
  • targeted capture and ransoming of company or customer data
  • unauthorized modification of a system, either by an individual or by malicious software
  • elevation of system privileges without authorization
  • unauthorized use of a system's resources (storage, CPU, memory, processes, etc.)
  • denial of service to a network
  • programmatic manipulation of a system or network to attack a third party

How often do incidents occur?

Incidents occur every second of the day. According to the 2023 Data Breach Investigations Report (DBIR) by Verizon, ransomware attacks increased by 13% year over year, a jump greater than the past 5 years combined. Roughly 4 in 5 breaches can be attributed to organized crime, with external actors approximately 4 times more likely to be involved than internal actors.

Of note, Deloitte found that 39% of organizations in 2022 experienced a significant cybersecurity incident.

It is important to note that the frequency of cyberattacks can vary depending on the source and the type of attack. Cybersecurity is a constantly evolving field, and new threats are emerging all the time. Therefore, it is essential to stay informed about the latest trends and best practices for protecting your digital assets.

Internal incidents can be even more damaging than external attacks. The insider knows your systems and has more time to plan and execute the attack, and knows your administrative and logical safeguards. Recent internal incidents which have resulted in significant financial loss or loss of customer confidence include:
  • Employees used financial institution computers to obtain customer information and then committed fraud with that information.
  • An individual was charged with trafficking in passwords and similar information that would have permitted others to gain unauthorized access to his employer's computer network.
  • A former employee was arrested on charges of hacking into the company's computer and destroying data.

What Should I do?

Prevention and Planning

An excellent start is the development of a Computer Incident Response plan. The plan should supplement your Business Continuity Plan (BCP). It should include a general response plan with a designated incident leader. Team members with all of their contact information should be available to the leader. The company's BCP will be relied upon for other issues such as media response, facilities management, disaster recovery, etc. If your company does not have an Incident Response plan, Information Risk Group has experienced professionals who can aid your company with its development.

Another preventative measure your company should consider is a security assessment. An annual security assessment should be performed against your company's administrative, technical, and physical safeguards. The assessment will enable your company to concentrate its limited budget on its information security weaknesses.

Response

It is important that you do not panic when your systems are under attack. Active incidents are among the most technically stressful and challenging events your IT employees will ever face. They require experience and advanced knowledge to solve and prosecute. At a minimum, consider performing the following actions:
  • Do not turn the system off; powering down destroys volatile evidence such as memory contents and active network connections. If you must stop the attack because you are losing proprietary information, disconnect the network cable from the machine instead.
  • Document what is occurring on a separate system or on paper. Document the system and the individuals performing any valid interaction with the system.
  • Observe the intruder by monitoring and recording events occurring on the network.
  • Recall backup tapes in preparation to restore the system.
  • Follow your incident response plan and, if necessary, ask for outside help.
If your company is not ready to react to this type of incident, it is important that you contact an external vendor now. Information Risk Group LLC is prepared to provide you with the latest tools and techniques to verify, suspend, and trace an incident against your systems. Let us help you mitigate your losses by providing the necessary expert services to resolve your crisis. When possible we will provide you with the necessary information to go to the authorities. Our emergency response team has worked with the FBI, the US Customs Service, and state authorities on various cases throughout the years and is available to offer our expertise in this area 24 hours a day.

Please contact us with any questions you may have on this subject or any other services Information Risk Group offers.

Information Risk Group LLC
3220 Henderson Blvd.
Tampa, FL 33609

Information Risk Group offers information security and risk management services to companies throughout the Americas.