There are several ways in which an organization may discover that it has been the victim of a cyberattack or that an unauthorized third party has gained a foothold within its information technology (IT) environment. Perhaps most commonly, an organization’s own endpoint detection, network monitoring, and other technical security controls identify and quarantine malicious cyber activity and allow for an investigation into the nature and scope of the event. In some rare occasions, an organization