Security incident at your organization? Call us 24/7! 088 133 0700
Get a clear assessment of your situation within 30 minutes.
Security incident at your organization? Call us 24/7! 088 133 0700
Get a clear assessment of your situation within 30 minutes.
Security incident? Call us 24/7!
Is your organization facing unexpected events in your IT environment, such as the blocking of workstations, security breaches, no more access to your data, a possible data breach, ransomware or a cyber attack? At your request, NFIR takes immediate action with an Incident Response team.
NFIR is available to its clients 24/7 to map out and resolve any security incident. Our Incident Response team can be on site at your organization within three hours. The goal of the Incident Response team is to minimize the impact of the cyber incident as quickly as possible so that your organization’s continuity is no longer at risk.
NFIR's approach to Incident Response
In conducting the security incident investigation, NFIR works according to the Incident Response procedures of NIST and SANS to conduct thorough and reliable investigations. In addition, experience and analytical skills are at the basis of every solved security incident. If your organization already has Incident Response procedures or an Incident Response Plan, NFIR follows them.
During the Incident Response process, NFIR pays attention to the following three processes:
- Triage: the aim of this step is to identify the source(s) and affected devices and/or systems, set priorities based on these and determine the plan of approach for further research. At the same time, data is safeguarded in a forensic way for possible further investigation.
- Containment:this process involves restoring affected devices and/or systems and verifying security so normal operations can resume.
Post-incident activities.
: when the incident is resolved, a forensic investigation report is prepared. The report proposes solutions to prevent a similar event from occurring in the future. NFIR can also support and/or advise in the communication towards the Data Protection Authority, attorney at law and other parties involved.
We use the existing knowledge and skills of the client in the Triage phase. The Incident Response team starts on site and creates a plan of action. Thanks to our procedures and checklists, we can take action quickly and minimise the negative effects of the cyber security incident. During this entire investigation, NFIR will work in a forensic responsible manner in order to be able to produce a forensic report later in the process. If you have suspicions of culpability or recoverability against a natural or legal person, you can also engage us to conduct an investigation. Our reports are legally valid. You can use the NFIR report as evidence in a court case or for a report to the (Dutch) Data Protection Authority (DPA) in the event of a data breach.
-
Snel en effectief
Door onze jarenlange ervaring met cybersecurity incidenten kunnen de leden van het NFIR Computer Emergency Response Team (CERT) bij u op locatie u altijd snel voorzien van effectief advies om uw organisatie te helpen naar herstel.
-
Uitgebreide expertise
Onze ervaring en expertise van cybersecurity is uitgebreid. Voor alle situaties heeft NFIR de beste ervaring in huis. Wij richten ons niet alleen op het herstel van uw systemen en bedrijf, maar ook op de impact die een incident heeft op uw medewerkers.
-
Volledig en helder
De aanpak van NFIR zorgt ervoor dat de oorzaak van uw incident volledig in kaart is gebracht met afsluitend een heldere en bruikbare rapportages. Zo weet u zeker dat alle maatregelen effectief zijn en uw organisatie verder kan werken aan een digitaal weerbare toekomst.
Triage:
The purpose of this step is to identify the source(s) and affected devices and/or systems, use it to prioritize and determine the plan of action for further investigation. At the same time, data is safeguarded in a forensic way for possible further investigation.
Containment:
This process involves restoring affected devices and/or systems and verifying security so that normal operations can resume.
Post-incident activities
Once the incident is resolved, a forensic investigation report is prepared. The report proposes solutions to prevent a similar event from occurring in the future. NFIR can also support and/or advise in the communication towards the Data Protection Authority, attorney at law and other parties involved.
Being prepared for an incident: incident response retainer
Want more information about the Incident Response Retainer, what terms and conditions apply and what preparations we make to help your organization quickly and appropriately should you experience a cyber incident? Then contact us for a no-obligation appointment. We will be happy to inform you about the service, all terms and conditions and the annual fee.
Don’t wait any longer and be assured of a certified crisis team in time of need today!
I want immediate help with a Cyber incident!
The Incident Response Team of NFIR
NFIR’s team consists of digital forensic investigators, ethical hackers and team leads who all have Incident Response experience. After notification of the security incident, a team is put together that expresses its opinion. The size of the team depends on the type of cyber incident. Of course, all members of the team will work forensically during this process.
Company hack or data breach prevention is better than cure.
Preventing security incidents is obviously better than curing them. We are convinced that companies benefit above all from good preventive measures, both technically and in terms of awareness. For this reason, NFIR pentests, provides Security Awareness services and offers a package of various services via the Cyber Security Support Contract.
Incident response
Company hacked? Data breach? Meet Incident Response from NFIR!
Our incident response team is available 24/7 to identify and resolve any cyber incident
Rely on NFIR for fast and effective incident response to cybersecurity incidents. Our experienced teams are ready 24/7 to support your organization and minimize the impact of an incident. Contact us now and protect your business from the effects of cyber attacks.
Speed and 24/7 availability
NFIR understands that time is critical when responding to a cybersecurity incident. Our Incident Response team is on standby 24/7 and strives to be at your location within three hours. We ensure that your organization can respond quickly and effectively, minimizing the impact of the incident.
Expertise and experience
NFIR has a team of experienced cybersecurity experts with deep knowledge and expertise in incident response. We follow NIST and SANS Incident Response procedures and use advanced tools and techniques to conduct thorough and reliable investigations. Our experts have a proven track record of successfully resolving security incidents.
Custom solutions
NFIR understands that every incident is unique and requires a customized approach. We work closely with your organization to understand its specific needs and objectives and deliver solutions tailored to them. Whether recovering systems, identifying the source of the incident or implementing preventive measures, NFIR offers customized solutions that help your organization be resilient against future cyber threats.
Incident response from NFIR
- NFIR responds with speed and is available 24/7
- NFIR has years of expertise and experience
- NFIR provides customized solutions
Data breach reporting and data breach notification requirement
For comprehensive information on data leaks, data breach notification requirements and data breach roadmaps click here.
What is a data breach and when should you report it?
When there is an opportunity for unauthorized persons to view personal data, it is considered a potential data breach. Organizations are often required to report such incidents to the Data Protection Authority (AP), which serves as the regulator for the General Data Protection Regulation (AVG) and its Implementing Act AVG (UAVG). Whether there is actually a data breach depends on specific circumstances. Not every data breach requires notification to the AP, especially if the risk to the rights and freedoms of affected individuals is low. However, when unauthorized access occurs to sensitive information such as passport or bank account numbers, the risks of identity theft or financial loss can be significant. In such cases, an organization is required to report the incident to the AP within 72 hours.
Frequently asked questions
What is NFIR's working method for Incident Response?
- Triage: the aim of this step is to identify the source(s) and affected devices and/or systems, set priorities based on these and determine the plan of approach for further research. At the same time, data is safeguarded in a forensic way for possible further investigation.
- Containment:this process involves restoring affected devices and/or systems and verifying security so normal operations can resume.
- Post incident activities: When the incident is resolved, a forensic investigation report is prepared. The report proposes solutions to prevent a similar event from occurring in the future. NFIR can also support and/or advise in the communication towards the Data Protection Authority, attorney at law and other parties involved.
What is the impact of ransomware in my organization?
The number of ransomware attacks in the Netherlands is large and even increasing. In a recent survey, nearly three-quarters of Dutch companies surveyed said they would be hit by a ransomware attack by 2021. Only slightly more than a third said they had a cybersecurity strategy ready. This is while the impact of a ransomware attack on your business or organization is enormous. Your business operations are severely hampered or even made impossible. Trade secrets (can) be resold and data leaked. Your external partners no longer trust your organization and take a wait-and-see attitude. And don't think "that won't happen to us," because it can happen to anyone. From large companies and organizations to SMEs employing 20 people.
Read the full article: What impact does a ransomware attack have on my organization?
Can I always contact NFIR to get help in case of an IT-Security incident?
Yes, we are available 24/7 for SMEs, multinationals, government bodies, educational institutions and non-profit organisations. Within three hours, an incident response (CERT) team is present at every location in the Netherlands (Wadden Islands excluded).
NFIR is an official CERT but what does that actually mean?
CERT stands for Computer Emergency Response Team. The attribute is awarded by Carnagie Mellon University to companies and teams involved in digital security incidents. In the Netherlands, there are a number of official CERTs of large organisations involved in combating cyber incidents, such as the NCSC, the IBD, the Ministry of Defence, telecom organisations and banks.
What can the Incident Response team do for my organisation in case of an IT Security incident?
The aim of the incident response team is to minimise the impact of the cyber incident as quickly as possible so that the continuity of your organisation is no longer at stake.
What does an Incident Response team actually consist of?
NFIR's CERT consists of digital forensic investigators, ethical hackers and team leads who all have experience with incident response. After notification of the security incident, a team is put together that expresses its opinion. The size of the team depends on the type of cyber incident. Of course, all members of the team will work forensically during this process.
Does NFIR have the right forensic equipment?
The Incident Response team is always provided with the right digital forensic equipment to serve the clients directly on location. NFIR continuously invests in fast, reliable and leading equipment and tooling that allows multiple Incident Response teams to operate simultaneously.
What phases does an Incident Response process consist of?
- Incident notification and intake
- Securing and investigating
- Reporting and prevention
What steps does an Incident Response process usually consist of?
- Contact NFIR's Computer Emergency Response Team (088-133 0700).
- The CERT takes action. All necessary equipment is packed and within 3 hours the CERT is on site
- On site, the intake is conducted with all stakeholders to gather all available information about the incident.
- After granting the order, triage on the affected systems will be started.
- As soon as it is clear which systems have been affected or need further investigation, data will be secured according to a digital forensic procedure.
- In the containment phase, the affected systems are restored and security is verified to prevent a recurrence of the incident
- In the post-incident phase, the secured data is further digitally forensically examined. As many answers as possible are given to the research questions and the subject matter of the research. All findings and recommendations will be included in a report that will be delivered at the conclusion of the incident. This report can be used for internal and external purposes (such as supervisors and for legal proceedings).
What are the most common types of IT security incidents that NFIR encounters in Incident Response processes?
Of all the IT security incidents handled by NFIR, the most common are compromised (e-mail) accounts and attacks on vulnerable systems that offered insufficient resistance due to a lack of software updates and security. If hackers gain unauthorized access to systems, this usually leads to data breaches, the installation of ransomware and various types of malware such as crypto miners.
Is there always a digital forensic investigation as part of Incident Response
This is not necessary in all cases, but often the client wants to know the extent of the incident and supervisors ask questions that can be answered by conducting an investigation. In all cases, NFIR is obliged to provide a report.
Can an organisation make arrangements with NFIR in advance to be sure to be helped quickly in case of an IT-Security incident?
That's possible. NFIR offers the Cyber Security Support Contract. This contract includes a number of preventive and reactive services. Your organisation can then count on an annual phishing test, awareness training for MT/Board of Directors and weekly vulnerability scanning of 2 IP addresses. In addition, we guarantee that the CERT will be on site within 3 hours in case of an IT security incident, 1 intake per year is free of charge and the contract offers a 15% discount on the pentest hourly rate and 15% discount on the Incident Response hourly rate.
Incident Response Plan
Know what to expect in the case of a IT security incident. Read more about the Incident Response plan.
About NFIR (CERT)
We stand for communicating in clear language with our customers. In this way we also report our findings. In addition, we aspire to the ‘numbers tell the tale’ approach, which enables us to help you in a targeted way by means of various types of research. The approach also includes further development of our services. As a result, our services keep in line with changing practice.
NFIR stands for offering technical and organisational support, security services and training. With our knowledge and experience we can provide you with technical advice and advise you on the procedures and processes of information security. Enabling NFIR helps you to increase the resilience of your organisation's cyber security in several areas.
