Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From cybersecurity breaches to natural disasters, disruptive events can occur suddenly and without warning. As a result, it is crucial for organizations to develop resilient plans that not only respond to incidents in real time but also ensure long-term operational survivability. This article examines the concepts of incident response and business continuity, exploring their differences and similarities while offering practical strategies to integrate them into a cohesive operational plan.

A phishing campaign targeting multiple organizations led to RMM installations – but not much else (yet). A threat actor experimenting, or an access-as-a-service attack underway? Sophos’ Managed Detection and Response (MDR) teams reported on a phishing campaign late last year that attempted to trick users into installing LogMeIn Resolve (formerly GoToResolve), a remote monitoring and management (RMM) tool, to acquire remote unattended access.

For many organizations, ServiceNow operates as the system of record for governance, auditability, and compliance. But when incidents occur, engineers often need to consult external tools to identify and resolve the root cause. When investigations are siloed from the system of record, engineers must return to ServiceNow to manually update work notes, incident statuses, and mandatory resolution fields before closing tickets.

Why do traditional incident response playbooks break in Kubernetes? Pods spin up and disappear in seconds, destroying forensic evidence before you can investigate. Attackers exploit service account tokens and move laterally through east-west traffic that perimeter tools never see—over 50% of ransomware deploys within 24 hours of initial access, leaving no time for manual investigation methods built for static servers.

Too many organizations today still rely on "legacy" retainer models. These traditional contracts are often rigid, opaque, and reactive, and designed for a world that no longer exists. That’s why LevelBlue is proud to announce the Resilience Retainer. This is a modern, flexible approach built on our experience of handling more than 9,000 cyber incidents worldwide. This up-to-date approach is a necessity, given the long-lasting impact an incident can have.

CrowdStrike has been independently assessed and assured against the National Cyber Security Centre (NCSC) Cyber Incident Response (CIR) Standard, a UK government-backed standard designed to help organizations identify incident response providers with the capability, governance, and technical competence to manage serious cyber incidents.