Skip to main content

    Wars are no longer fought only on the battlefield; they are increasingly taking place in cyberspace. No one has full oversight of this threat landscape, and few have the necessary knowledge and resources internally. The day a fire breaks out in your business, you call 911. But who do you call when your business is under a cyberattack?  

    - A cyberattack may have catastrophic consequences if it is not handled quickly and effectively. And to manage it quickly and effectively, you need expert help. That is the challenge today. Because there is no 911 for cyberattacks, explains Vegard Vaage.  

    Vegard Vaage

    Even the most skilled struggle to gain control and oversight during an attack

    Vegard Vaage is the Head of Incident Response (IRT) at the IT security firm Netsecurity – a team consisting of the top security testers and ethical hackers found in the country.  

    - We see that many have good expertise on their own IT infrastructure and manage the technical aspects of recovery phases well. The challenges arise when you recognize that you are under attack but may not have the ability to identify the attack timeline: How did they gain access? Which systems are affected? Have they left any backdoors to prevent us from expelling them? When is it safe to restore, and in what order?

    These are areas that require specialized skills in digital forensics, reverse engineering, and detailed knowledge of how attackers operate and the tools they use.  

    Incident Response Team

    An incident management agreement with an Incident Response Team (IRT) is insurance against the worst consequences of a cyberattack. It provides companies with access to expertise and resources they do not have internally. With such an agreement, you get 24/7 access to our incident management team: 

    - We are accredited by the Norwegian National Security Authority’s quality scheme for incident management. Our service is designed to help our clients adhere to the NSM’s fundamental principles part 4 (“Manage and Recover”).   

    An agreement with our incident management team guarantees a response to incidents within two hours and delivers a tailored solution to handle the situation effectively. This not only reduces downtime and costs but also provides peace of mind in a crisis situation.  

    - The result is that damage is limited as much as possible and as quickly as possible, allowing those affected to return to normal operations with minimal loss.  
    Kvalitetsordning

    A structured method stops attacks effectively

    In the event of an attack, the incident management team always follows a fixed process consisting of six main phases, explains Vaage:

    - We will guide you through handling an incident from A to Z, with deep technical expertise supported by a broad professional environment and external partners. We will propose concrete measures throughout the process, while also gaining an understanding of the attack timeline and preserving the chain of evidence for any legal follow-up.  

    Vaage explains that often it is the company’s own IT organization that knows their infrastructure best, but the incident management team provides advice and recommendations on measures to be implemented at the right time. 

    - Additionally, we ensure that you get an overview of the incident, using our expertise to determine the initial attack vector, what the attacker is trying to achieve, how far they have progressed, and if possible, who they are. We also offer a set of preparatory activities tailored to make your organization more resilient to such incidents in the future. 

    This ensures that you get help with the most challenging issues a modern organization can face, around the clock and throughout the year.  

    Preparation is key

    The IRT leader says that many organizations do not have good emergency preparedness procedures, and if they do have procedures, they often do not cover digital security incidents.

    - Our role as incident handlers is often just as much crisis management as technical support, explains Vegard.

    Emergency preparedness procedures are precisely about having a plan for the day you are attacked:

    - It is no longer a question of "if" but "when" you will be attacked. Being prepared is critical. All organizations should have clear procedures for what to do in the event of an attack and, not least, practice these procedures regularly, says Vaage.

    Long-lasting damage to reputation and finances

    Preparation involves, among other things, having a good emergency response plan, trained personnel, and access to expertise when needed.

    - Without a proactive incident response plan, you risk longer downtime, greater financial and operational risks, and also breaches of regulatory requirements. A lack of swift and qualified response can result in irreversible damage to both reputation and finances that is difficult to rectify.

    By collaborating with an incident response team, companies can reduce the time it takes to gain visibility and control, which can be crucial in a crisis situation.

    - An incident response team is dedicated to protecting its clients and ensuring they can operate safely and efficiently, even under attack, concludes Vegard.
    Oslo

    Drammensveien 288

    0283 Oslo

    Bergen

    Sandviksbodene 1

    5035 Bergen

    Stavanger

    Kanalsletta 4

    4033 Stavanger

    Grimstad

    Bark Silas vei 5

    4876 Grimstad

    Kristiansand

    Dronningens gt 12

    4610 Kristiansand

    Trondheim

    Krambugata 2

    7011 Trondheim

    Stockholm

    Kammakargatan 22

    111 40 Stockholm