It’s Time To Move From Incident Response To Continuous Response


We’ve seen time and time again how businesses have done a poor job of detecting breaches and an even worse job of handling a hacking incident. Part of the problem can be traced to mindsets, and to how incident response has been viewed strictly as a reaction to a cyberattack. More attention has been paid to hardening defences to prevent an attack than to learning from past incidents or preparing for the inevitable. In the modern threat landscape a new approach is needed – continuous response.

Continuous response is not just a plan to respond to a one-time incident, it is a strategy to keep all hackers at bay. Gartner estimates that by 2020, organisations will dedicate 60 percent of their cybersecurity budgets to “rapid detection and response” — otherwise known as continuous response. As more executives, CEOs and board members accept the fact that attacks are going to happen, the emphasis must shift to preventing and responding to attacks.

CrowdStrike, the leader in cloud-delivered endpoint protection, has shared five key points that businesses need to address to ensure they have a continuous response approach to cyber security.

What you don’t know will hurt you: It’s incredibly important to understand the business infrastructure as well as how an organisation connects to vendors, customers or other partners – this is the first step in creating a solid plan. What devices are connected and what are their vulnerabilities? Where is sensitive data stored? It’s become clear that there’s still too much that most executive teams don’t know about how to architect their strategy for success. And when it comes to cybersecurity, what you don’t know will hurt you.

Align cybersecurity with business objectives: The role of CISOs has evolved to include protecting the brand, ensuring regulatory compliance, and assisting with risk management. They are also responsible for explaining security strategies, but they need to improve their communication skills when relating to other C-level executives. CISOs need to define their security strategies in business terms to demonstrate that cybersecurity is a group effort.

More tools, more problems: Layering security tools may actually hinder incident response processes. Each new tool requires training, custom configurations, and even integration with other cybersecurity tools. This process takes time and resources, and it increases the complexity of understanding and reacting to actual security incidents, slowing down response times.

Endpoint Detection and Response (EDR) is needed for complete visibility: EDR monitors endpoint and network events and records the information so that further analysis can take place. Ongoing monitoring is facilitated through the use of analytics tools, which identify tasks that improve the overall state of security by deflecting common attacks and enabling early identification of ongoing attacks – both insider threats and external attacks – as well as rapid response. According to Gartner, “Organisations investing in EDR tools are purposefully moving from an ‘incident response’ mentality to one of ‘continuous monitoring’ in search of incidents that they know are constantly occurring.”

Communication is key: Every company’s overall security strategy should incorporate a data breach communication plan, for both internal and external communications. Having this in place ready to go will ensure you can respond to a breach effectively and quickly.

In today’s threat landscape, it is essential for organisations to have real-time, accurate knowledge of their IT security so that responses to external and internal threats can be made quickly. Having a continuous response plan can make the difference between a swift recovery and a situation where every minute the incident remains unresolved results in financial or reputational damage.


    • I disagree; it means that you’re responding to everything, not just incidents. You’re responding to hazards and other ‘lower level’ scenarios that aren’t necessarily at the ‘incident’ level. It could also mean looking at the external environment and responding to the incidents others are having, as opposed to waiting for it to happen to you.
