Join the Webinar | Strong Protection Against Cyber Threats

Cyber Incident Response and Incident Response

Developments in technology and software sectors and changes in the world market bring dangers. Threat actors are attacking to gain a foothold in the growing market and thus to cyber incidents they cause.

What is Incident Response?


Incident Responsecan be considered as the cyber security process applied to minimize the losses that may occur during and after a cyber incident, to reduce the cost and to protect the corporate brand value. 


With a professional Incident Response service; It is possible to reduce the possible effects of a cyber attack that you will be exposed to, and even to prevent the attack while it is taking place. Considering the cyber events that we witness almost every day as a whole; Every institution must have an Incident Response Plan and a plan to implement it. Cyber Incident Response Team (SOME) It is now considered a necessity rather than a precaution. 


After a cyber attack; Incident Response should be carried out, traces of the attack should be analyzed, SIEM systems should be updated considering the techniques, tactics and procedures used by the attackers.


What are Cyber Incident Examples?


Security incidents that organizations may face; systems they use, software and hardware tools, servers, etc. may differ depending on factors. Same way; A cyberattack that may be considered a serious event for one organization may pose a moderate risk to another.

Cyber security incidents that may adversely affect organizations;

  • Distributed denial of service (DDoS) attack against critical cloud services,
  • A malware (malware) or ransomware infection that encrypts critical business files on the corporate network,
  • A successful phishing attempt that exposes customers' personally identifiable information (PII)
  • An unencrypted laptop known to have sensitive customer records missing,

examples such as.


What is Cyber Incident Response Team (SOME)?

Cyber Incidents Response Team (SOME), cyber incidents; It is the cyber security team that investigates the traces of the attacker by intervening during the event and after the event ends and aims to minimize the losses that may occur. Cyber incidents in our country to be evaluated on a national scale National Cyber Incident Response (USOM) unit intervenes. Under the USOM, there are SOMEs separated on a sectoral and institutional basis. These teams are there to support the IT infrastructure of the companies serving in our country when there is a cyber incident.


However, every institution should have a SOME unit and this unit should be a SOC (Security Operations Center) should be supported by the team. 

Frequently Asked Questions About Incident Intervention & Incident Response

Why Should I Get Incident Response & Incident Response Service?

Responding quickly to a cyber security incident will help an organization minimize losses, reduce exploited vulnerabilities, restore services and processes, and mitigate risks posed by future events. Incident response enables an organization to prepare for unknown risks as well as known ones, and to detect security incidents as soon as possible. It is a reliable method. Incident response also enables an organization to establish an implementation plan to stop an intruder before it can damage the system.

What are the Incident Response Stages?

A successful incident response basically consists of 6 steps: 1. Preparation: It is the stage of preparing for possible risks before an incident occurs. At this stage, the SOME team members who will respond to the incident are determined and an incident response plan is prepared. 2. Detection and Analysis: It is the stage in which the cyber incident is detected. At this stage, it is tried to prove that the attack took place. For this, logs from security tools are collected and analyzed. In order for this stage to be successful, the SIEM and Log Management mechanism within the organization is of great importance. 3. Coverage/Containment: The containment stage is the stage where the attack is limited. At this stage, it is tried to limit the endpoints that the attacker can access and to keep the damage to a minimum. Existing system backups are also taken to prevent destruction of evidence during the containment phase. 4. Threat Eradication: Cleanup phase; It is the stage where the systems are completely cleared of their attacker assets and the threat is eliminated. 5. Recovery: Recovery phase; This is the stage where the system is restored to its pre-attack state after the attack. It is critical that system backups are taken regularly for the successful completion of this phase. 6. Lesson Learning (Post-Incident Activity): Lesson drawing; It is the stage where the weaknesses of the system are determined by evaluating all the data obtained from the beginning of a cyber incident to the end of the interventions, and the measures to be taken against other events that may occur in the future are determined. In our opinion, this stage, in which lessons are learned from mistakes, is the most important of the Incident Response stages, as it will be of great importance in preventing future attacks.

Who is the Incident Response Team (SOME)?

SOME consists primarily of technical IT professionals. In addition to IT specialists, officers working in the legal department in order to manage the legal aspect of the operation are also included in this team.