With cyber-attacks growing increasingly sophisticated, enterprises have no option but to accept that they are vulnerable and to be agile in managing threats.
Organizations cannot afford to wait until after a data breach to dust off their incident response (IR) plan. If an enterprise has not gone through the rigors of several exercises to understand what to do and what to expect, pulling out the IR plan during or after a cyber-attack has little impact. The readily available zero-dollar IR retainers are not the best path forward either. They may be cost-effective, but only if there is no breach, and in reality breaches happen. When they do, the CISO must make sure the emergency call goes to a team that knows the organization and can mobilize quickly with a custom response, as time is of the essence.
Every year the Ponemon Institute reports on the relationship between the time required to identify and contain a breach and its financial consequences. The recently released Ponemon ‘Cost of a Data Breach Study’ states that the average total cost of a data breach is $3.86 million, with a 28% chance of recurrence. It now takes, on average, 197 days to identify and 69 days to contain a breach. That is a huge cost by any yardstick. To better protect themselves from attacks, organizations can no longer adopt a reactive approach. They need to shift to a proactive one: incident response and, beyond that, a proactive incident readiness mindset.
Fortunately, organizations have started to recognize this and are taking action. According to the Cisco 2019 CISO Benchmark Study, almost 50% of the respondents are focusing on the ‘time’ factor to measure their security posture. This is up from 30% last year.
A Gartner report also states that cyber-insurance carriers are looking closely at the offerings of IR retainer service organizations. By 2021, they expect that at least 40% of retainers will be drawn from an insurer-approved list.
A proactive approach to IR requires ongoing attention from skilled security professionals, and most organizations find such talent difficult to hire and even harder to retain. This has increased the focus on IR retainer services. Experts opine that when the outsourced resources are not actively engaged in incident response, security leaders take advantage of the additional bench strength to sharpen their internal teams’ skills as well as improve their security posture.
When hiring IR retainer services, experts suggest ensuring that the services use threat modeling to identify attack types. The IR plans must include playbooks tailored to the enterprise’s needs so that it can respond quickly and comprehensively.
It is also important to conduct a compromise assessment, which can provide a broad view of the current risks in a system that may or may not have been compromised in the past. The resulting report can provide recommendations to close the gaps and proactively mitigate potential attacks. Experts believe that only threat hunting can provide focused answers, and that it needs to be done continuously to find breached systems and active threats.
Experts also suggest conducting cyber-range workshops that enable teams to learn from both the attacker’s and the defender’s point of view. A cyber range allows IR teams to gain relevant experience across multiple attack scenarios.
Shifting to a proactive approach is critical, but identifying partners who can provide the needed capabilities is a challenging task. An understanding of what is possible can help navigate the complexity and find a partner that can help increase preparedness, build resiliency, and respond more effectively.