Incident Response

How serious is a cyber incident
Wondering how a cyber incident would impact your organization? It’s more common than you think.

Why choose our team
Has over a decade of incident response experience
Is trained & certified on offensive and defensive security strategies
Stays up to date with latest attacker techniques
Can provide a comprehensive plan to prevent future attacks

Our incident response plan always seek to address a suspected data breach in a series of phases. We have outlined six phases and within each phase, there are specific areas of need that should be considered.

The incident response phases are:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned


This phase will be the work horse of your incident response planning, and in the end, the most crucial phase to protect your business. Part of this phase includes:

  • Ensure your employees are properly trained regarding their incident response roles and responsibilities in the event of data breach
  • Develop incident response drill scenarios and regularly conduct mock data breaches to evaluate your incident response plan.
  • Ensure that all aspects of your incident response plan (training, execution, hardware and software resources, etc.) are approved and funded in advance


This is the process where you determine whether you’ve been breached. A breach, or incident, could originate from many different areas.
Questions to address 
  • When did the event happen
  • How was it discovered
  • Who discovered it
  • Have any other areas been impacted


When a breach is first discovered, your initial instinct may be to securely delete everything so you can just get rid of it. However, that will likely hurt you in the long run since you’ll be destroying valuable evidence that you need to determine where the breach started and devise a plan to prevent it from happening again.


Instead, contain the breach so it doesn’t spread and cause further damage to your business. If you can, disconnect affected devices from the Internet. Have short-term and long-term containment strategies ready. It’s also good to have a redundant system back-up to help restore business operations. That way, any compromised data isn’t lost forever.
Questions to address 
  • What’s been done to contain the breach short term
  • What’s been done to contain the breach long term
  • Has any discovered malware been quarantined from the rest of the environment
  • What sort of backups are in place


Once you’ve contained the issue, you need to find and eliminate the root cause of the breach. This means all malware should be securely removed, systems should again be hardened and patched, and updates should be applied.

Whether you do this yourself, or hire a third party to do it, you need to be thorough. If any trace of malware or security issues remain in your systems, you may still be losing valuable data, and your liability could increase.

Questions to address 
  • Have artifacts/malware from the attacker been securely removed
  • Has the system be hardened, patched, and updates applied
  • Can the system be re-imaged


This is the process of restoring and returning affected systems and devices back into your business environment. During this time, it’s important to get your systems and business operations up and running again without the fear of another breach.
 Questions to address 
  • When can systems be returned to production
  • Have systems been patched, hardened and tested
  • Can the system be restored from a trusted back-up
  • How long will the affected systems be monitored and what will you look for when monitoring

Lessons Learned

Once the investigation is complete, hold an after-action meeting with all Incident Response Team members and discuss what you’ve learned from the data breach.  This is where you will analyze and document everything about the breach.  Determine what worked well in your response plan, and where there were some holes. Lessons learned from both mock and real events will help strengthen your systems against the future attacks.

 Questions to address 
  • What changes need to be made to the security
  • How should employee be trained differently
  • What weakness did the breach exploit
  • How will you ensure a similar breach doesn’t happen again
No one wants to go through a data breach, but it’s essential to plan for one. Prepare for it, know what to do when it happens, and learn all that you can afterwards.
Why Secunets team for your cyber incidents

Customized approach

We tailor our assessment services to meet the specific needs of your IT infrastructure and business requirements.

Expertise in IT security

Our team possesses extensive knowledge and experience in IT security, ensuring accurate assessments and effective recommendations.

Industry best practices

We adhere to industry best practices and standards to ensure the highest level of security for your IT infrastructure.

Cost-effective solutions

We offer affordable and scalable incident response services to suit businesses of all sizes and budgets.

Timely and efficient service

We strive to deliver prompt and efficient assessment services to minimize disruption to your business operations.






Our Office Location

Chieko Plaza Opp Catholic Church

1st Floor RM A1-5A

Along Southern ByPass

Kikuyu CBD