Based on the findings of this research, here are 5 actionable steps organizations can take today:
1: Build a secure foundation
No organization is immune to cyber attack. Ensure the foundational security controls are in place to help you catch threat activity before it becomes a significant problem for your organization. Strong identity protection like multi-factor authentication remains vital in slowing adversaries, as it better secures the weakest link in any security organization’s posture: humans.
2: Test the process, close the gaps
Given the importance of incident response, testing the process should be a top priority, especially since a significant number of respondents report lacking adequate tools, having insufficient expertise on staff, and spending too much time investigating low-level alerts. Security leaders are turning to a variety of assessment methods, but many are overlooking vital practices. Conduct incident response exercises on a regular basis, update your incident response process based on frameworks like NIST, and measure any changes in performance against the response to actual incidents.
3: Adopt security best practices
Organizations that don’t follow best practices in their security operations are unlikely to succeed. While introducing best practices and formal strategies won’t automatically make an organization more secure, it will provide a clear structure and make it easier to measure the effectiveness of security processes.
4: Build a bridge to legal counsel
Legal implications of being breached remain uncertain to many organizations, with almost half the survey respondents reporting a lack of clarity on when to engage counsel about a potential breach. By fostering collaboration between infosec and legal, organizations can eliminate this uncertainty and create an easy pathway for staff to follow to get quick answers when an attack is underway and time is of the essence.
5: Partner with third-party providers
Security leaders are increasingly recognizing the benefits of third-party partners that provide managed detection and response. With security teams inundated with alerts, adding extra people is not always the most efficient, or practical, option. Bringing on a third-party provider as a partner can have an impact across the incident response process, particularly in the areas that security leaders care about the most: improving time to containment and response to threats, augmenting in-house security expertise, and increasing automation.
Security teams around the globe have responded brilliantly to the unprecedented challenges they’ve faced over the past year. Unfortunately, the immense pressure that teams are under doesn’t show signs of letting up anytime soon. With one dangerous attack following the other, the time to implement improvements is now.
As we head into the second half of 2021, it’s a prime time for security teams to reevaluate their detection and response capabilities, adopt new best practices, and shore up incident response plans. In the face of budgetary and staffing constraints, this can often mean bringing in trusted partners to help fill in any gaps in resources or expertise. Third-party providers like Red Canary can help speed up containment and response to threats, augment in-house expertise, and increase automation of processes. Contact us to learn how we can help turn last year’s incident response challenges into newfound confidence for 2022.