Experts in Incident Response
outcome-oriented cyber incident response
We understand the balance between business continuity and reactive risk management and compliance. Trust in practitioners who have helped hundreds of Australian businesses navigate ransomware, email compromise and hacking incidents. Emerge stronger and more resilient than ever before.
Leading Cyber Incident Response management
Ready and waiting, 24/7
We operate 24 hours, 7 days per week in the face of a cyber incident. Use our online chat to start a conversation with an incident responder at any time. We can onboard you within minutes and enlist expert help to start responding straight away.
Experienced Digital Forensics
We have experience working with digital forensic investigators across hundreds of cyber incidents. We can help you select and negotiate a retainer with a digital forensic investigator to rapidly build the factual matrix of your incident.
Outcome Focused
We are neither a typical law firm, nor a typical IT firm – that means no confusing ‘techno-babble’, legalese or ‘chasing after the bad guys’ – we’re here to help you get back to business and ensure that operations run smoothly again as soon as possible.
Regulatory/Public Engagement Ready
We structure all our engagements to ensure that you can stand up to regulatory and public scrutiny. A successful response allows you confidently engage with regulators and the public about your incident with strong and ethical communications.
Emerge Stronger
We have seen clients triumph over cyber adversity through expert guidance. From managing hundreds of incidents, we know what a successful cyber response looks like. In essence, it’s a three step process.
Step 1 – Gather Information and Contain Intrusion
Every successfully managed incident response starts with a detailed forensic investigation.
Step 2 – Assess Data Risk
Map your organisations’ at-risk data and establish a trail of custody leading up to the incident.
Step 3 – Perform Assessment and Notify Impacted Individuals
Armed with the best facts about the incident, your organisation can take steps to notify affected individuals or confidently close the incident without notification.
The details
Artificer provides leading incident response managers, experienced at working the divide between technology and the law. Below is more information about how we typically structure an engagement to respond to a cyber incident.
Step 1
Gather Information and Contain Intrusion
If you have just discovered an incident on your system, containment and business continuity are the top priorities. We can brief leading digital forensic investigators on your behalf and help you interpret their reporting on the containment of the incident.
While this occurs, we can assist communicating the status of the incident to regulatory and public stakeholders, as well as make any arrangements with insurers.
Step 2
Data Impact Assessment
Once containment is achieved, we work with you to proactively determine the extent of any data impacted. We can help you build a picture of your data by scanning your systems and analysing system architecture.
If there is sensitive data exposed, we can rapidly analyse the data to give you a picture of the number of possible individuals impacted by the breach. We have developed a number of unique solutions to rapidly organise impacted datasets and can leverage these to get you the fastest picture of the severity of an incident.
Step 3
Post-containment Recovery
Once the immediate impacts of the incident have been managed, we can assist with the business and legal impacts of the incident. This may involve reporting the data breach to regulators, or to impacted individuals, or closing out the incident without notification (for example where no data is found to be impacted).
We use our expertise as technologists and lawyers to ensure we get the best picture of the incident and make our decisions about closing out the incident from the strongest possible factual basis. This is critical to ensure complete closure of the incident so that it can be confidently consigned to company history.
Gather and Contain
Learn how we approach the initial stage of responding to a cyber incident, from gathering the factual matrix through to containing the intrusion.
Establishing a strong factual matrix is essential for effectively managing a cyber incident, both from a technical and a business standpoint.
Respond effectively to an intrusion
Once you’ve detected an intrusion, there are critical and time-sensitive steps that you need to take in order to effectively respond. The process has been rigorously developed in concert with cyber security experts and regulatory bodies, and we give you a snapshot of how it works below.
Digital Forensic Investigation
The first step in any response to a cyber incident is to contain and investigate the incident; gathering as much information as possible. We have established relationships with some of Australia’s leading digital forensic investigators. We move quickly to leverage this expert help to contain the incident and begin painting a factual picture of how the incident has taken place.
Our practitioners have analysed hundreds of digital forensic reports and guided investigators to ensure their efforts align to business outcomes and mitigation of legal risks. Once the investigators are finished, Artificer can use their reporting to create a roadmap to overcoming the incident.
Structure Internal Conversation
While investigators are working, we rapidly establish rapport with your internal technology and business teams to prepare them for upcoming action. We can establish a working group to attend to each of the stages of an incident response to ensure that effective internal communication is happening.
Once established, the working group can lead efforts for the remainder of the response, including discovery of any at-risk data, and ongoing efforts to contain and mitigate the incident.
Shape External Communications
Regulators, customers, the public are just some of the possible stakeholders in a cyber incident. When a cyber incident places time pressure on business channels, it’s essential all these stakeholders are able to be briefed quickly and confidently. We are well versed in shaping communications that are proportionate and informative. It’s critical that your communications are both effective at mitigating future risk of harm to affected parties, but also balance the risk of future claims that may arise from the incident. We’re here to guide you through this balancing act with a steady hand.
Satisfy Regulatory Requirements
There are mandatory reporting timeframes under the Commonwealth Privacy Act 1988 as well as a myriad of other circumstances where laws may require notification of a breach of cyber security.
We can proactively comply with these legislative requirements for you while we undertake a full co-ordination of the incident response. We can also provide advice to board of directors or parties with a common interest, as the incident may require.
Data Impact Assessment
Some incidents have little impact on data security and integrity, others have a major impact. Learn how we trace the impact in the wake of containing an incident.
Data Impact Assessment is a key step in resolution of an incident. We can guide you through the process in the Privacy Act for an Eligible Data Breach Assessment.
Assess your data risk
Not all incidents have a significant impact on sensitive data that your organisation holds. However, without a robust assessment of the data impact, it’s difficult to satisfy stakeholders and mitigate legal risks associated with mandatory data breach legislation. Here’s an outline of how Artificer approaches data risk assessment.
Identify your sensitive or personal data
Often referred to as your organisation’s proverbial ‘crown jewels’, we can help you comprehensively identify where your most sensitive data resides in your network. We can also critically analyse your organisation’s data flow to identify any risk of that data residing where it shouldn’t. This step can be undertaken prior to an incident or in the early stages concurrently alongside digital forensic investigations.
Map data flows against intrusion pathways
Once its understood where the most sensitive data resides in your network, and combined with insights from a digital forensic investigation, we can begin to put together a picture of the risk the incident poses to your organisation.
We identify the fastest route to assess data risk by either working from your sensitive data, or following the evidence from the forensic investigation to see how close an intruder may have come to exposing sensitive data. This is the critical step in understanding exposure risk, business risk and notification obligations.
Build a database of affected individuals
If sensitive data is exposed, we can assist to rapidly identify a comprehensive list of affected individuals to allow for notification or remedial steps to occur. In some cases this can be done programmatically to save hundreds of manual work hours using modern data science techniques.
Determine notification status
As lawyers and technologists, we can analyse the facts of any incident and determine notification requirements under the Commonwealth Privacy Act, state-based legislation or other organisation specific laws or obligations that may compel notification of the incident.
Post-Containment Recovery
Learn how Artificer can assist organisations to get back to business-as-usual in the wake of a cyber incident, managing the legal and regulatory risks in the process.
Once the incident is under control, deciding who to notify and what future preventative measures are proportionate are the critical steps.
Get back to business-as-usual
In the wake of an incident, it’s easy to just resume operating the way things were. However, there are critical steps to take to ensure you’re emerging stronger from having the incident. This allows your organisation to get back to business-as-usual and truly put the incident behind you. Here’s an overview of the steps Artificer can assist with to help your organisation emerge stronger.
Notification Campaign
If notification is appropriate, we can produce the form of notification and run the campaign. We adopt an approach to notifying individuals that strikes the right balance between legal compliance, helpfulness to the impacted individual and protection of your organisation’s interests. We can also handle notification to foreign jurisdictions wherever required through our international network of professionals.
Notification is always a difficult step to take as an organisation impacted by a cyber event. With the right approach, you can minimise disruption to your business and present professionally to customers, stakeholders and impacted individuals.
Remedial Action and Improvement
Cyber incidents often occur because of unforeseen vulnerabilities in the makeup of an organisation’s digital infrastructure. Once identified, we can assist by recommending new or replacement technology systems to remedy vulnerabilities and improve digital processes. We go a step further than any law firm or IT consultancy and combine both these disciplines to ensure you get the best practical advice on how to mitigate the risk of future incidents.
Regulatory Defence and Engagement
If regulators or third parties need to be notified, it’s important to have the best representation possible to safeguard your organisation’s business interests. By combining a solid understanding of the technology involved in the incident and the current and emerging jurisprudence, we successfully defend clients from regulatory investigation and legal claims arising from cyber incidents.
Emerge Stronger
Get started quickly
Need urgent action? Use this form or the website chat to get started on recovery from a cyber incident. We can spin up a response capability promptly and take action to protect your organisation.
Ask us anything
Need more info to get started? Feel free to drop in a videoconference or booking link into the form and we’ll answer any questions you have.
Fast pricing information
We can furnish you pricing information digitally at lightning speed using an online Statement of Work. Don’t sign anything until you see how much you could save with us, we make it so easy to compare!
Thank you!
Your message has been received. We’ll be in touch soon.