Home-Banner Incident Response When your organisation is under attack, every second counts. Pragma’s CREST Incident Response is driven by a proficient cyber incident response team, possessing vast experience in handling high-profile and business-critical investigations. Global Emergency Incident Response Assistance Talk to a Security Expert now
Incident Response Services
Pre-Loss Services

Cyber attacks happen every 39 seconds. Preparation is a critical part of reducing the threat of an attack and mitigating the costs of cyber crime. Pragma’s Pre-Loss Services can help your organisation take the necessary steps to prepare for a cyber attack.

Security Software

  • Pragma will implement new protective software to identify weak points that can be fortified. Special emphasis will be placed on Personal Identity Protection.

Awareness Training

  • We will train your employees and staff about their role in cybersecurity. Best practices will be identified, explained, and encouraged.

Compliance Audit

  • Pragma will show specific actions to take to minimise risk by auditing compliance to security and data protection standards.

Strong security software, engaging and practical training, and stringent compliance audits work together to form a comprehensive pre-loss plan.

Cyber Incident Response

If your organisation is ever targeted, Pragma can be there to defend you. Our Cyber Incident Response Team (CIRT) can help you take the best steps at the earliest possible moment. Pragma will assign a dedicated Incident Response Specialist to your case who will help you take these steps:

  • Conduct a triage and quickly perform containment and restoration.
  • Bring together your own team to manage your operations from the inside.
  • Switch to backup servers as quickly as possible if these are available.
Cyber Forensics Investigation

Everyone wants to understand why they were attacked. You want to know how this attack happened. Pragma’s Cyber Forensics Investigation will give you these answers. The forensic capabilities of Pragma’s investigators come from law enforcement, intelligence and litigation training and experience. Our CIRT has years of experience dealing with cyber threats, attackers, and analysis.

In combination with the latest digital forensic techniques, our training and experience enable us to supply valuable viewpoints when investigating complicated cases.

We conduct the following investigations

  • Malware and Malicious Code Analysis
  • Phishing and Email Fraud
  • Unauthorised Access and Compromised Machine Analysis
  • Distributed Denial of Service (DoS/DDoS)
  • Policy Violations or Improper Usage
  • Ransomware Payment and Recovery
  • Forensics Imaging (including mobile devices)
  • Fact-finding, Live Interviews and Evidence Collection
Recovery and Remediation

Downtime can cost more than just money. It can cause lasting reputational damage to an organisation. One of the primary goals of our Cyber Incident Response Team is to get you up and running as quickly as possible. During the recovery phase of cyber incident response, our team will work to achieve your Recovery Time Objective (RTO).

Operations can be recovered to Pragma’s CloudControl platform within minutes of starting the recovery phase. CloudControl is our secure cloud platform powered by Amazon Web Services (AWS). It provides continual visibility into compliance risks across your environment to ensure you meet global risk regulations.

Other aspects of our recovery and remediation services include

  • Rapid Recovery to the Cloud
  • On-site System Recovery, Restoration from Backup
  • Rebuilding of Systems and Technology
  • Dedicated IT Support Team
Ransomware Response

Ransomware attacks are a grave threat. If your organisation is experiencing an attack or has received a threat, then you are already aware of the damage that could be done.

Some people find it easy to suggest ransoms should never be paid. However, victims targeted by these sophisticated attackers often feel there is no other choice.

If you are targeted by a ransomware attack, you should seek specialist help before deciding your course of action. Our CIRT will help you evaluate the situation so that you will be in a better position to decide.

Ransomware Analysis

  • Our analysis of the ransomware strain determines the likelihood of permanent data loss or corruption. We also identify the probability of the attacker returning the data or supplying a decryption key.

Ransomware Negotiation Service

  • Pragma conducts negotiations using the attacker’s native language and pre-created online identities. Our
    strategies minimise the amount paid, lower possible risks during payment, and focus on your recovery.

Facilitation of Ransom Payment

  • A check against the OFAC Sanctions List is made prior to the ransom payment.
  • We deploy pre-created online identities, bitcoin accounts, and payment systems to ensure a successful transaction.

Decryption and Recovery

  • “Proof of Life” trial of decryption key using sample files.
  • Technical confirmation of decryption accuracy through sample decryption.
  • Written decryption instructions and assistance during the decryption process.
  • Incident report to meet your insurance and compliance obligations.

Our ransomware response avoids unnecessary payments, shuts down repeat extortion, and helps you focus on your organisation’s recovery. If criminals are demanding a ransom, turn to the experts.

Security Strengthening

After an attack, Pragma investigates the vulnerabilities of the affected systems. Our investigation and analysis provide vital information about weak points in your system’s security. This information shows us vulnerable areas we can strengthen to guard against further attacks. Pragma’s Security Strengthening services aim to increase your network and device security to prevent digital attacks. Antivirus programs, advanced firewalls, and AI-driven threat scanning are all part of our security strengthening approach.

Industry-Leading Security Tools

  • Acronis comprehensive backup solution, so you never have to worry about your data.
  • Office 365 environment review and hardening to reduce phishing attacks.
  • InsightVM gives fast and accurate detection of your system’s security vulnerabilities.
  • Comprehensive firewall review and configuration to reduce your system’s attack surface.
  • Identity management tool provides complete visibility of user access and activity.
  • CyberKit gives your organisation new abilities to detect operational threats.
  • CloudControl offers rapid recovery to our secure cloud environment hosted on AWS.
  • Seawall integrated risk management solution designed to enhance maritime security.
  • Sophos cloud-based endpoint protection provides security right to the edge of your network.

All these tools and strategies work together to provide your organisation with an enhanced, multi-layered security solution designed to drive off attackers before they strike.

For a full list of security strengthening services, visit https://www.pragmastrategy.com/secure/

Retainer Services

Your organisation can benefit from a constant security presence. Our retainer services provide you with a fully trained Incident Response Specialist who can work with you consistently to enhance your digital security.
You can expect:

  • A specialist who is guaranteed to be available when you need them.
  • Your designated specialist to respond rapidly to any security event.
  • You can have peace of mind knowing our team is always there for you.

Zero Upfront Incident Response Retainer

Managed Detection and Response

No one feels safe while simply waiting for an attack to come. Pragma believes proactive security is better than simply hiding behind a firewall. We have designed a service to extend your protection beyond your perimeter.

Pragma’s Managed Detection and Response provides

  • Intrusion Detection
  • Malware and Malicious Activity Scanning
  • Rapid Response Threat Mitigation

This is a new type of security service integrating the dedicated experts, technology and intelligence required to overcome the shortcomings of an older Managed Security Service Provider model. We provide consistent and proactive detection, investigation, and mitigation services.

Years of combined security experience.
Service coverage in over 85 countries across Asia, Australia, the United Kingdom and Europe.
Rapid response times within 60 mins.
Our Partners
Do you need emergency assistance ?
Global incident response assistance from an expert.
“ Pragma saved our business and patient data from being destroyed. We are eternally grateful.”

– Chief Operating Officer, Regional Healthcare Services Company.

Case Studies
Common Threats Addressed by Pragma

Every successful ransomware attack has at least three elements

  • Victim’s data is encrypted and locked by the attacker.
  • Ransom payments are made by the victim.
  • Data is returned to the victim through decryption.

The key to successfully defeating ransomware attacks is planning.

Ransomware defence is best done in layers. We will use three layers of protection

  • Proactive hardening of software systems and employee training to prevent the initial intrusion.
  • Implementing a clear Incident Response Plan backed by a Cybersecurity Incident Response Team (CIRT).
  • Installing the necessary backup systems to defeat the need to pay the ransom.

If an attack occurs, we will quickly identify and isolate the affected systems. Swift containment and proper backups are often enough to stop a ransomware attack in its tracks. Payment of a ransom should be carefully evaluated only when every alternative has been exhausted.

Our CIRT has extensive experience defeating over 30 of the most common ransomware variants. We have helped many organisations defend themselves from these attacks.

Unauthorised access simply means the act of accessing information online such as business networks and systems, emails, websites, and bank accounts without consent. 44% of cyber attacks come through social engineering or human error. Both these strategies rely on unauthorised access. Upon confirmation of unauthorised access, Pragma’s Cyber Incident Response Team (CIRT) will quickly contain and stop further spread of any malware or viruses. We will perform investigations of the client’s technology and event logs to find the point of entry for the unauthorised access. As a final step, we will advise and help your organisation implement security measures such as firewalls, monitoring, and enterprise-level antivirus programs to prevent future problems.

More than 50% of phishing attacks target Office 365 (O365). Criminals target O365 because of its popularity amongst commercial users and easy access to a wealth of sensitive information. Phishing is a technique to trick users into disclosing their login credentials. If successful, the attacker can conduct further internal attacks from within the organisation using trusted accounts. These intrusions can go unnoticed for weeks and months.

In case of an attack, a Pragma Cyber Incident Response Specialist will respond with a thorough plan, including

  • In-depth investigation into the client’s O365 tenant account, event logs and user endpoint scanning.
  • Removal of suspicious rules created by the attacker from the tenant account and activation of audit logs to
    ensure no suspicious logins to affected or other accounts after the password is changed.
  • Recommendations to clients to strengthen their password policy for work systems, implement data loss
    prevention software, and enable two-factor authorisation on their O365 account.
Malware is the most common form of cyber attack. Trojans, viruses, spyware, and ransomware are designed to infect systems and cause damage. The damage caused can include denial of service, brand sabotage, data theft, and financial damages through ransoms. Attackers are constantly evolving new forms of malware to stay ahead of the defenders. Pragma’s Cyber Incident Response Team is also evolving through continual training and testing.

To protect our clients, we use several methods

  • State of the art malware removal tools.
  • Attack surface protection through access control, endpoint hardening, and multi-factor authentication.
  • Implementation of protective controls to reduce the likelihood of a repeat attack
Incident Response Process
Preparing the team to handle an incident.
Detection and investigation of the incident.
Limit and prevent further damage.
Removal of threat and restoration of affected systems.
Restore production environment on-premise or rapid recovery to Cloud Control.
Strengthen systems and provide recommendations.
Why us ?
Global Support

Immediate expert support whenever you need it from our global offices. Contact us

Rapid Recovery

Recover operations to the cloud quickly with minimum downtime.

Agile Response

Deployment of forensics in the cloud for rapid data acquisition and analysis.


CREST Accredited
As a CREST accredited Incident Response provider, you can be assured of the quality of our services and professionals.
Learn more.

Go-to Incident Responders

Partnerships with global insurers to improve incident support, claim handling and clients’ experience and satisfaction.

Articles and News
Responding to Office 365 Business Email Compromise
With more than 50% of all global businesses already using Office 365 and demand going...
Our Privacy Statement – Australian Region
This Privacy Statement sets out how Pragma Pte Ltd (“us” or “Pragma”) collects, stores, and...
[Download] Guide to Social Engineering Attacks
In the midst of large scale global events, cybercriminals are quick to take advantage and...
[Press Release] Pragma Joins Canopius Incident Response Panel to Combat Cybercrimes Amid Global Pandemic
Pragma, a young cybersecurity consultancy from Singapore has retained its spot on the cyber incident...
Emergency Hotline

If you suspect a breach, contact our emergency hotline supported by our global offices below. Not in these countries? Fill out the contact form below or email us at [email protected] Our experts will be in contact with you shortly.

Get In Touch
We are available in multiple regions across the world, supported by our global headquarters and partners’ offices.

[email protected]

Global Phone Lines.



35A Keong Saik Road, 03-00 089142 Singapore.

+65 3165 8788


United Kingdom

7 Bell Yard Street London, WC2A 2JR, United Kingdom

+44 20 3318 1470

Introducing Zero Upfront Incident Response Retainer
This is default text for notification bar