Suspicious encrypted files, database changes, files manipulation, locked accounts, and changed user credentials… can it really happen to your organization? Maybe you are not in an estimated 54% of companies that experienced one or more attacks in the last 12 months but trust us, it is just a matter of time. A good starting point is to realize that only responding to an incident quickly will help an organization to reduce its losses, and most importantly, rebuild services and processes. Attacks are happening fast and hard, approximately 83% of the attackers need less than 24 hours after first client computer compromise to escalate privileges, exfiltrate data, encrypt all systems and dominate fully your environment. That is why it is crucial for every business to have an Incident Response Plan and handle a threat right after it's discovered. Join this session and find out how attacks are happening and how to design, implement and execute an effective Incident Response Plan. Watch the best practices and leave the class with practical, ready-to-use knowledge on the implementing and executing well-planned IR document. This will be supported by tons of experience from the field and analyzed use cases. During the presentation, I will be demoing most of the current threats, that happen to our Customers now. During the pandemic, in our Team, there have been many incidents that we have analyzed. We have also had a deeper look into hacker’s activities during this time. I would like to demonstrate real-life examples of attacks, starting from well-designed malware and post-incident threat hunting, ending up with the examples of kill-chains. It also demonstrates mitigation steps and risks. Everything will be up to date, reflecting the current state of cybersecurity threats in the market.