In Incident Response, Speed Is Everything

Data breaches, a rare occurrence not too long ago, have become the norm, forcing enterprises worldwide to adopt a paranoid posture with regard to the likelihood of disruption and loss of business.

Studies show that businesses in virtually every industry suffer from a cybersecurity skills gap, tight IT budgets, and a lack of awareness at the board level that IT investments should be regarded as a business driver, not just a financial burden.

Case in point: the latest Forbes Insights survey reveals that most companies still have a ways to go before establishing a robust posture toward cyber threats. The biz-focused outlet quizzed 1,000 security executives and practitioners about how efficiently their Security Operations Centers (SOC) respond to an incident. While being well aware that the time between detection and response is critical, three quarters admitted they were less than satisfied with their speed in responding to and resolving security issues.

“The survey shows that many organizations are, in their inability to act quickly, exposed by a potentially harmful gap in their security posture,” the survey-takers said. “Speed is a cybersecurity goal that traverses areas such as the provisioning of computing services and incident response. The ability of organizations to detect and respond to incidents or breaches—and the speed with which they resolve them or patch vulnerabilities—cuts to the core of the brand.”

What measures, then, should organizations take to fill the incident response gap? Experts advise organizations to become software-defined, as a first step towards cyber resilience. Automating all stages of application development, from the provision request to production, ensures that the build and security testing fold seamlessly together, surveyors said.

Another important step is to enable the SOC to analyze incident alerts quickly, effectively and accurately. Using AI in incident response allows SOCs to automate patch management, analyze non-trivial threats (reducing alert fatigue), and demonstrate compliance for regulations and audits.

These are just some of the key findings of broader research by Forbes experts. However, the survey results corroborate data from another recent study on the cyber security posture across various industries. The research, conducted by Ponemon Institute, shows that incident response may be the weakest link in mitigating cyber risk. Only 34% of respondents in the survey said they had security personnel with the skills needed to identify and resolve malicious insiders, and 52% said they used service providers for analysis and incident response. Only 21% of organizations said they were “going it alone.”


*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Filip Truta. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/yUBUUAU5SIw/when-it-comes-to-incident-response-speed-is-everything