Is Your Organization Prepared to Measure Incident Response?
Odds are, your business is going to be hit by a cyber-attack.
It may be ransomware, which 47% of U.S. businesses say they’ve fallen victim to in the past 12 months. Or phishing attacks, which impacted 85% of businesses in 2015. Or maybe even a DoS attack, the annual frequency of which could very well reach 17 million by 2020.
Ultimately though, cybercrime is booming and doesn’t show any signs of slowing. And if your business doesn’t plan accordingly, you may be one of the many that never recover from an attack.
That’s where incident response comes in. Having an incident response plan in place in the event of a breach can mean the difference between near instantaneous detection and a mean time to respond (MTTR) that leaves your company vulnerable for hours at a time.
Below are three common challenges that businesses are currently facing when it comes to building an effective incident response plan that just may end up saving your business.
IT Workforce Shortage
Information technology, and more specifically, cyber security, are two industries that are notoriously understaffed.
A 2015 Frost & Sullivan and (ISC)2 report predicted that the cybersecurity workforce will have more than 1.5 million unfilled jobs by the year 2020.
And those predictions only seem to be getting worse. A more recent 2016 study from security advocacy group ISACA estimated that this number is set to rise to two million unfilled positions by 2020.
What’s more, the same report indicated that 84% of organizations today believe that 50% or less of cyber security applicants are actually qualified for the position, a problem that causes 53% of organizations to experience delays spanning up to 6 months in order to find qualified applicants.
And when an organization does finally recruit a cyber security professional with the right skills, they’re only expected to stick around in the position for about 3 years on average, partly because 46% are solicited by other organizations on a weekly basis.
It seems the bleak reality of the situation is that, despite the growing cyber security threats that modern businesses are facing on a regular basis, the workforce is underqualified, undermanned, and uninterested in sticking with one company.
Another problem with putting an effective incident response plan in place is that there are significant workflow difficulties that hold back IT professionals from taking on new efforts.
Due in part to the critically understaffed cyber security positions at many companies today, analysts are regularly inundated with more problems than they can handle effectively.
A report on the industry sponsored by automation company Demisto pointed out that the biggest challenges incident response IT professionals are facing today are that there are far too many information security tools to manage (according to 37.7% of respondents), there are too many incidents to effectively juggle (36.1%), and there simply isn’t enough time in the day (34.4%).
Automated incident response systems could stand out as a potential solution. These systems can help deal with minor breaches and other attacks according to a predetermined set of actions. This would, of course, allow cyber security professionals to tackle much more complex problems without being constantly subjected to and distracted by minor alerts.
The Demisto report noted that 40.4% of respondents felt they experienced more alerts than they or their staff could handle at their current scale. Beyond that, 47.4% weren’t always sure which alerts to prioritize, driving up MTTR and causing the damage to spread even further.
With a more well-defined incident response plan featuring proper playbooks and protocols, however, any company can cut down on their indecision and focus on the most important problem at hand.
Having A Proper Plan in Place
Despite the growing threat of cyber-attacks and an average of 350 incidents per week according to the Demisto report, an alarming 30% of respondents still did not have any playbooks, runbooks, or any other guiding documentation to facilitate appropriate incident response procedure.
What’s more, a whopping 80% of small business owners in 2015 had absolutely no cyber-attack response plan in place, an especially chilling statistic considering 45% of business owners were the victims of cybercrime without knowing it.
Instead of waiting to put in the necessary resources after an actual breach (or not changing your plan at all afterwards like over half of organizations today), the best approach is, of course, a proactive one. Waiting any longer just might be your company’s final mistake.
Incident Response More Important than Ever
In today’s increasingly hostile digital landscape, companies simply can’t afford to continue with business as usual when it comes to cyber security. There need to be considerable proactive efforts, both on the part of IT and at the executive level, to champion effective incident response measures in order to overcome the common challenges in cyber security today.