One of the difficulties organisations face when they've experienced a cyber incident is that every attack has its own unique characteristics according to Mark Goudie, APJ, Service Director for CrowdStrike.
When asked what happens when they first respond to an incident with a client, Goudie told Digital Nation, "Typical for us is not typical for most, because we're responding to cybersecurity incidents in the main. We're walking into issue that the client is facing and trying to unravel that for them."
He said they want to understand how someone has got into their network and what the impacts might be.
"Our job is to minimise that damage that has already happened, and ensure that they are in a much better position, after we leave.
"The goal is to not just get rid of the threat actor in the network, but to ensure the client is better prepared to respond to the next incident."
Indeed, according to Goudie, as the cyber threat landscape has evolved, attacks have become more atypical, and now many of the responses tend to be more bespoke.
"There was a time in the past, when you would do a lot of similar types of incidents, where you would see industry verticals being attacked by a particular group. That tends not to happen quite as much as it used to 10 or 15 years ago," he explained.
In the past, he said it was more typical to see particular vertical industries, particularly around the payment card industry, or banking and finance where particular groups that would target them.
"Some of them even named their groups after the particular victim organisation. That couldn't have been very pleasant for the victim and that doesn't tend to happen as much anymore.
"Now that they're very much focusing on their capabilities and using their capabilities across as many wide and disparate organisations as they can," he added.