Importance of Incident Response

Incident response has traditionally been a post-mortem investigation that begins after the attack has been completed and the business has suffered from the impact. According to a recent Verizon Data Breach Investigations Report, 58% of attacks go undiscovered for several months or more and it takes an average of 46 days to resolve an attack.

The evolving threat landscape in today’s world makes it highly likely that almost any organisation will be the target of a cyberattack that typically results in IT disaster, among other consequences. Those that would never have thought themselves a target of a sophisticated attack are increasingly finding themselves attempting to recover assets, restore encrypted servers, and, ultimately, save their businesses. And despite the strides made in attack detection, many organisations have struggled to adapt their approach to leverage new response technologies and capabilities.

There are numerous examples of companies suffering the long-term impacts of a cyberattack, with the resulting IT disasters forcing many to close up shop. However, one shouldn’t operate only in terms of fear of the attacks themselves. When discussing cybersecurity and response readiness, it’s important to understand how a few targeted investments can help not just in terms of money, but also in saving time, effort and people’s jobs. The speed of response within a narrow window of opportunity can dramatically change how a business recovers from compromises.

There are certainly also difficulties in trying to control the security of your suppliers. You can vet them, but they face the same challenges in securing their organisations as you do. The surge in supply chain attacks over the last two to three years is astounding. As large, established organisations bolster their security capabilities, attackers continually turn to smaller, less secure companies in the supply chain to gain access to the companies they service. But many companies understandably struggle to grasp the vastness of their supply chains and the vulnerabilities that they create. Even the new printer installed last week can provide an entry to your estate.

If you don’t have the required information to hand in your organisation, you should bring in people who can represent you appropriately and bring your board up to speed. Thereafter, you can engage with a third party that can help you tease out the correct metrics. Making your organisation aware of these elements, and acting on them, could make the difference between you controlling a cyberattack and a cyberattack controlling you, which results in far bigger challenges when it comes to disaster recovery.

Attack detection has come along in leaps and bounds over the past few years, and is still improving. However, there is still a large time gap between an attack being detected and the appropriate response actions being taken to contain and remediate it.