Incident Response

Get immediate help from BlackBerry Cybersecurity Services.

We can help—whether you're under cyberattack, need to contain a breach or want to develop an incident response plan. Report an incident or call us now at +1-888-808-3119.
Report An Incident View Services Card

What Is Incident Response?

Incident response is an organization’s approach to addressing cyberattacks and cybersecurity incidents. The goal of incident response is to contain and minimize damage caused by a breach and reduce recovery time and costs.

Incident response includes cyber incident response, data breach response, business email compromise response, ransomware response and digital forensics.

What Is an Incident Response Plan?

An incident response plan is an organization’s predetermined plan for addressing a cyberattack. An incident response plan should include a list of incident response team members with roles and responsibilities as well as tools and technologies, steps to detect and identify cyberattacks, steps to contain and minimize damage (including reputational damage) and processes for incident recovery.

 

How to Create an Incident Response Plan

The six steps of an incident response plan, according to the SANS Institute checklist, are:

  1. Preparation: Train users and security staff to manage potential security incidents.
  2. Identification: Determine whether an event qualifies as a security incident.
  3. Containment: Limit the damage of a cybersecurity incident and isolate affected systems to prevent more damage.
  4. Eradication: Find the root cause of the incident and remove affected systems from the production environment.
  5. Recovery: Ensure no threat remains and permit affected systems back into the production environment.
  6. Lessons learned: Document the incident, perform analysis to learn from the incident and update procedures to improve future incident response.

Are You Experiencing a Cyberattack or Suspect a Breach?

Call us. BlackBerry® Security Services is an incident response vendor that can help you mitigate the impact of any breach, ensure your recovery follows best practices and secure your IT environment for the future. Our cybersecurity experts provide answers to your questions so you can protect your IT environment during the current attack and defend against future cyberattacks.
  • How did the attacker get into my environment? 
  • How did they move within the environment?
  • During what timeframe did the attack occur?
  • What networks, systems and data did they access?
  • What were the attacker’s actions and objectives?
  • Did the attacker exfiltrate (steal) data?
  • How can I minimize the risk of a future attack?
Get Help Now

Incident Response Best Practices

Watch this webinar by BlackBerry Incident Response Consultant Principal, Martin Münch. Learn best practices to identify, contain and remediate cybersecurity incidents.
Digital Forensics Services

Digital Forensics Services

We perform many types of digital forensics and incident response (DFIR) services for our clients. Our world-class forensic laboratory enables our digital forensics consultants to process your forensic evidence securely and efficiently.

Before a breach, during a breach or after a breach, the BlackBerry Security Services DFIR team collaborates with you to quickly secure the chain of evidence and process your data and devices. We also provide data recovery and media analysis services.

Learn More
Incident Response Retainer Services

Incident Response Retainer Services

Prepare for the worst. Act now to ensure access to incident response expertise and achieve peace of mind.

When you have a cyber incident response retainer with BlackBerry Security Services, you get the benefit of reduced rates, service level agreements and guaranteed availability. We offer four levels of service to suit your cybersecurity needs and budget.

Learn More

Cybersecurity Assessment

How can your organization know with certainty whether cybersecurity is already compromised—or not? Evading detection is the goal of cyberattack tactics, techniques and procedures (TTPs), so it’s common not to know. Many security leaders lack the visibility, toolsets, resources and experience to answer questions with confidence about cybersecurity compromise.

Understand your breach status and proactively prevent future incidents with a cybersecurity assessment that identifies signs of current and past breaches. We use artificial intelligence and consultant expertise to reveal the presence of security threats and guide you on how to reduce cybersecurity risk.

Learn More

Business Email Compromise

Most breaches start with phishing, and business email is a digital goldmine for attackers. If they gain access to your email system, they can learn business secrets, spoof your email and launch attacks at your organization and clients. Business email compromise (BEC) is one of the fastest growing types of cybercrime that we encounter.

If you suspect that an attacker has gained access to your business email platform (O365, Google Workspace or Exchange), contact us—we can help. We have many ways to investigate business email compromise and help you mitigate email-based attacks.

Report an Incident

Find the Best Incident Response Service for You

We help organizations of all sizes and in all industries

Whatever cybersecurity challenge you face, our team of consultants can help.
Get Help Now View Services Card

Resources

Structural Dependency

Blog Post

Cyber Breach Guidelines for Incident Response: Steps for Before and After a Cyberattack
Read Now
Structural Dependency

Solution Brief

Incident Response Use Cases: Achieving Cyber Resilience with BlackBerry Security Services
Get the Brief
Structural Dependency

Webinar

SANS 2021 Top New Attacks and Threat Report—Panel Discussion
Watch Now