No one wants to respond to a security incident or a breach, particularly at the start of a new year! Instead, the highest priority should be to stop a cyber threat before it compromises the organization. But in reality, preventing a cyberattack from landing is not always possible. The steps for incident or breach identification, from threat hunting to searching for explicit Indicators of Compromise (IoC), are well established. While the processes will vary from organization to organization, malware, compromised accounts, lateral movement, etc. will all need to be addressed as part of any formal clean-up plan.