Subtly different from breach triage and breach remediation, a breach impact assessment establishes the impact of the breach: what the attackers have taken, what has been exfiltrated and what they have done with it.
Please note that this service is a single module that can be delivered on its own for clients who want this specific piece of work. However, it is included as standard as part of the Incident Response Team Service.
The first step is to understand the sophistication of the attack and the attack vectors that were used, in order to gauge the likelihood that data exfiltration occurred, based on the standard Tactics, Techniques and Procedures (TTPs) normally associated with that type of attack.
Where possible, the likely threat actors are identified to understand their motivation and the likely outcomes.
Where traffic data is available, it will be analysed in an attempt to determine what data has been exfiltrated, in what quantities and to where.
Our Cyber Threat Intelligence Team will analyse whatever evidence has been found to try to attribute the attack and also delve into the dark web looking for any artefacts relating to the attack.
Our investigators use every tool at their disposal. For instance, after one breach the attacker published an exposé in their own language; we had the document analysed by language experts, who identified the likely sex of the author and, through nuances in the dialect, a region where they are likely to have originated.