The question of whether a given business suffers a cyber breach is sometimes posed in terms of not “if” it happens, but “when.”
It’s the “when” part that particularly concerns me these days – or to express the subject in our industry vernacular, incident response.
How a business manages the aftermath of an attack is, arguably, just as important as (if not more important than) anything it does to prevent such a thing from happening in the first place. Ideally, the breach is handled quickly and efficiently, in a way that limits damage, reduces recovery time and costs, and allows the business to move forward.
With FusionX having joined forces with Accenture, incident response is among our key priorities as we help clients build a comprehensive cyber defense platform, suited to fend off today’s and tomorrow’s threats.
Incident response is also at the top of my list here in Las Vegas this week during Black Hat USA 2016.
Why? Because there is a clear gap in the way we as an industry have matured with incident response. We’ve taken a direction that is overly reliant on software, promising a silver-bullet, fix-all solution. At the same time, the scaled incident response workforce we’ve built may not truly understand the threat to which it’s responding.
The Kids Are Not All Right
To “double-click” on this issue for a moment, many IR offerings in the market today are oriented toward selling software designed, all or in part, to help clean up after a breach.
This tried-and-tested business model revolves around rapidly deploying software as part of a breach response service, at the customer’s time of most need; it’s software that would in any other situation be “baked off” against other competing (and maybe better) products and put through months of quality assurance and procurement diligence prior to enterprise-wide deployment.
Thanks to this model, we have further complicated matters through a tendency to hire a junior-level, inexperienced workforce. In reality, knowing how to use software and having the experience required to effectively respond to an actual breach are two very different things.
There are good reasons why the stereotypical TV show detective is often a grizzled, curmudgeonly sort – you want someone with experience dealing with crime scenes. Properly handling a cyber breach really requires someone nimble enough to adapt to any environment, someone with a decade or more of experience in the field.
Where is the Smart Money Spent?
We move forward with Accenture with a few goals in mind. For starters, we want every client to have the most robust incident response program they can get.
We will be more than a “me-too” player. We’ll be product-agnostic and, more importantly, adversary-focused. Remember, there are real humans behind every cyberattack – these aren’t coming from a piece of faceless software.
After a breach, business leaders demand more than the technical, nuts-and-bolts explanation – they want to know who did it and why. We aim to provide an understanding of what went on and why.
Today’s cybersecurity environment is no longer about having sufficient budget to address threats. The question needs to be where the “smart money” is spent. Software and an inexperienced workforce do not allow customers to truly learn from a breach and make informed cybersecurity investments with measurable returns.
In the coming year, we will continue to make strategic investments in addressing this growing challenge, including growing our threat intelligence and global delivery capability.
Of utmost importance, we must continue to innovate and evolve our approach to incident response, as aggressively as the adversaries that our customers face on a daily basis.