Cyber Incident Hub

Data Theft / Privacy: First 24 Hours

Use this playbook when you see unusual data movement: large outbound transfers, unexpected cloud storage activity, odd access to file shares, or alerts suggesting sensitive data may have been exfiltrated.

Business Email Compromise (BEC): First 24 Hours

Use this Playbook when you observe: suspicious mailbox logins, forwarding rules to unknown addresses, fraudulent wire instructions, MFA fatigue alerts, or vendor complaints about unusual emails from your domain.

Ransomware: First 24 Hours

Use this Playbook when you observe: sudden file encryption, ransom notes appearing, unusual mass file renames, EDR/AV alerts, outbound exfiltration spikes, or stolen SSO tokens.