2023 Cyber Incident Response Year in Review


2023 was a challenging year in cyber incident response. Ransomware attacks increased by over 70% to reach an all-time high; cybercriminals exploited vulnerabilities en masse, triggering waves of breaches; and threat actors became more sophisticated and organised.
 
In our Cyber Incident Response Year in Review we present a series of articles that share the lessons we learned from responding to over 400 breaches in 2023. Each story takes you behind the scenes of complex incidents, providing insight and advice for businesses and their security teams.
 
Download the full report or browse the articles below.


S-RM’s Incident Response team

In spite of the dynamic threat environment, the S-RM Incident Response team rose to the challenge. We responded to 400+ incidents, grew to become one of the largest dedicated response teams in the world, and won Incident Response Team of the Year at the Zywave Cyber Risk awards. Learn more about the team.

Reach out to our experts

Ailsa Wood
Senior Associate, Cyber Security
Dan Caplin
Director, Cyber Security

Daniel is Head of S-RM’s European Incident Response practice. He has led the engagements for over 400 cyber response matters across various sizes of organisations and has a deep knowledge of the cyber insurance sector. He leads S-RM’s post-incident review projects to support loss adjusting, which has included project managing a highly contentious 18-month investigation into a large insurance claim.

Daniel has almost 10 years’ experience leading projects for clients across the legal, financial services, oil, and gas industries. Prior to joining S-RM’s Cyber Security team, he worked on the Latin America desk of S-RM’s Corporate Intelligence department based out of the Rio de Janeiro office, where he led on projects investigating fraud, corruption, and reputational issues for S-RM’s clients. Before joining S-RM, Dan worked in the British Consulate in São Paulo and the Peruvian Embassy in London.

David Broome
Analyst, Cyber Security

David is a Cyber Security Analyst in S-RM's incident response team. In addition to assisting clients with a wide range of cyber security incidents, he has a particular interest in cyber threat intelligence, OSINT, and ransomware.

Frank de Korte
Senior Associate, Incident Response

Frank de Korte is Senior Associate in the Dutch S-RM Incident Response team. Over the past 6+ years, he has supported clients on a wide variety of cyber incidents. Utilizing threat actor tactics, techniques and procedures (TTPs) and smart use of cloud infrastructure, Frank aims to streamline recovering from a cyber security incident to reduce costs and ultimately get an organisation back to work as quickly and safely as possible.

Before joining S-RM, Frank was involved in penetration testing and red teaming as well as identity and access management projects.

Gavin Hull
Associate Director, Cyber Security

Gavin Hull is an Associate Director, Technical Lead in the Cyber Incident Response capability of S-RM. He joined in 2022 and now leads the technical development of the Incident Response function, while also providing oversight and expert advice on a wide variety of cyber defence cases and projects. His background includes over nine years in cyber security, where he has led and supported the investigation, containment and remediation of threats that had targeted clients from a diverse set of industries. The types of incidents include advanced persistent threats, big game hunting, ransomware, insider threats, crypto-jacking, business email account compromise, cloud tenant hijacking, and other sophisticated attacks.

Ineta Simkunaite
Senior Analyst, Cyber Security

Ineta Simkunaite is a Senior Analyst in the Incident Response team based in London. Joining S-RM over two years ago, she has assisted a broad array of clients across the UK, EU, and North America. Utilising her forensics expertise, she has helped these organisations not only in detecting security vulnerabilities and pinpointing threat actor activities within network environments, but also in ensuring a secure recovery from cyber attacks.

Ineta earned her BA degree in International Relations from King's College London and holds a certification as a forensic investigator.

James Jackson
Associate Director, Cyber Security
James Tytler
Associate, Incident Response

James Tytler is an associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.

Lawrence Copson
Associate, Incident Response
Melissa DeOrio
Global Cyber Threat Intelligence Lead

Melissa DeOrio is Global Cyber Threat Intelligence Lead at S-RM. Melissa supports clients with a variety of proactive cyber services and supports cyber threat intelligence services. 

Before joining S-RM, Melissa supported US Federal Law Enforcement cyber investigations as a cyber targeter. In this role, Melissa utilized numerous cyber investigative techniques and methodologies to investigate cyber threat actors and groups including open-source intelligence techniques, cryptocurrency asset tracing as well as identifying and mapping threat actor tactics, techniques and procedures (TTPs) to provide tactical and strategic intelligence reports. Melissa began her career in corporate intelligence, where she specialized in Turkish regional investigations, managed a global team of researchers, and supported the development and implementation of a new compliance program at a leading management consulting firm.

Melissa holds a MSc in Security Studies from University College London and a BA in Political Science from the College of Saint Benedict and Saint John’s University. 

Tim Geschwindt
Senior Associate, Incident Response

Tim Geschwindt is a Senior Associate on S-RM's Cyber Incident Response team, whose role is to lead on major incident response cases involving ransomware, data theft and espionage. Tim has been project lead on cases affecting major multinational clients in the manufacturing, defence, industrials and retail sectors, including several of the largest response cases in Europe in 2023.

Tim joined S-RM in 2017, initially working as an analyst in the Political and Security Risk division of our Crisis Management practice, before joining the Cyber Incident Response team in 2019. He holds a BSocSci in International Relations and is a certified digital forensic investigator.

Virginia Romero Sanchez-Herrero
Senior Associate, Cyber Security

Virginia is a Senior Associate within the Incident Response team at S-RM, which she joined in 2021. She has experience in managing and delivering end-to-end incident response engagements across all stages of the IR lifecycle, on both technical and non-technical workstreams. Virginia has led S-RM’s response to multiple large-scale cyber incidents, including responding to a number of high-profile ransomware and nation state attacks in Europe and the Americas.

Virginia has over five years of experience in the cyber security industry and is a GIAC Certified Forensic Analyst (GCFA) and a GIAC Cloud Forensic Responder (GCFR).

Vlada Kulish
Associate, Cyber Security

Vlada Kulish is an Associate on S-RM’s cyber security team based in our Utrecht office, the Netherlands. Vlada has a master’s degree in computer engineering and started out her career as a cyber security researcher and SOC analyst before moving into ethical hacking in Offensive Security teams in Ukraine and the Netherlands. Vlada combines the skillsets of an offensive security penetration tester and an incident responder, working on large scale incident response cases affecting large manufacturers, logistics firms and industrials in the UK, Europe, and North America.

Vlada joined S-RM in 2022 and holds the OSCP, CRTP and GCFA certifications.

Waithera Junghae
Associate, Cyber Security