An ounce of prevention is worth a pound of cure. Isn’t it?
Few would argue with that logic, including many CISOs. And they’re not completely wrong. But the reality of the matter is that prevention alone doesn’t work in cyber security. With nation-state capabilities and tools finding their way into the hands of cyber criminals, too many attackers now have too many ways to bypass regular endpoint protection and other preventative measures.
And while reports of successful attacks now occur at an alarmingly regular rate, few companies seem to place enough value on developing strong incident response capabilities. 44 percent of survey respondents said they spend less on incident response than on their prediction, prevention, or detection capabilities. But having the right approach can pay off more than throwing money at the problem. How different teams work together, what kind of visibility those teams have into their estate and events, how quickly they can mobilize to meet potential threats… answering these questions can give insight into how prepared a company is to actually withstand and repel an attack.
“Having the tools and techniques in place to quickly detect, contain and frustrate attacks as they unfold buys you time, and gives you an opportunity to understand the full picture about how attackers are exploiting your weaknesses and moving through your network. And they need to be sophisticated enough to avoid tipping off an attacker that you’re onto them, and prepared to evict them in one concerted push,” says F-Secure Countercept Managing Director Tim Orchard. “And it’s important to put these tools and techniques into the hands of the right team if you want them to work.”
F-Secure’s Continuous Response methodology, outlined in a new whitepaper, describes how companies can apply the three c’s of Continuous Response: collaboration, context, and control.
In practice, applying the three c’s can mean involving security personnel in business decisions, introducing standardized processes for escalation of events and communication between stakeholders, ensuring the security team’s visibility into a company’s entire IT environment, ensuring a smooth transition from incident detection to incident response, and much more.
Companies might not spend as much on response as on other aspects of their security. And that’s OK if they have the right people, processes and services in place. Because everyone at a company, from the CEO to front-line personnel, will appreciate the benefits of an effective continuous response strategy when they see it in action.