Jun 30 2022

3 Shifts Driving the Need for Improved Incident Response

Worsening threats, new insurance mandates and changes to infrastructure and governance create security challenges that incident response can help solve.

For organizations squaring off against today’s sophisticated cybercriminals, the stakes are high: A successful breach can result in costly downtime, loss of valuable data, reputational damage and even the risk of legal action.

Incident response programs help mitigate the impact of such events by enabling companies to act swiftly and thoroughly in the likely event of compromise. Many organizations already recognize the value of such a program, but in this global threat landscape, there is no such thing as being too prepared.

EXPLORE: processes, solutions and services for strengthening your incident response program.

Here are three important reasons you should consider adopting or expanding your incident response plans this year:

Ransomware Attackers Move Swiftly Once Inside Your Network

According to the cybersecurity website Dark Reading, median dwell time for all cyber incidents fell from 56 days to 24 days between 2020 to 2021. Although the drop is in part driven by organizations’ growing adeptness at detecting threats, the larger truth is much darker: Overall dwell time has decreased so significantly because today’s ransomware sits on the network for a median of just five days before locking organizations out of their systems.

“It’s going so quickly, so stealthily, that we don't even have as much time to catch inconsistencies before we’re already locked down,” says Mikela Lea, a CDW field solution architect focused on security assessments.

The reduced time from system infiltration to the arrival of ransomware demands makes it even more critical that IT teams have a plan in place for responding to incidents the moment an inconsistency is detected.

Click the banner to unlock exclusive security content when you register as an Insider.

New Mandates from Insurers Make Incident Response a Wider Priority

Cybersecurity insurance policies can reduce the financial impact of a security incident; however, with the ever-growing threat of ransomware and other attacks, insurance companies have become less willing to foot the bill for customers that aren’t taking precautions.

This reluctance can lead to one of two outcomes for organizations: Their insurance companies are either not providing coverage if they don't have certain proactive measures in place, or their premiums are going up.

For some organizations, those consequences have drawn the attention of finance departments or other upper-level executives who had previously not had a hand in security. That means IT professionals should be prepared to defend their incident response plans should they come under the spotlight with new stakeholders.

Sidestep Common Mistakes: Discover avoidable incident response errors in this CDW white paper.

Evolving Solutions Require Governance and Security Documentation

The pace of change in a hybrid work environment also reinforces the need for formal security policies and procedures. For instance, even before the COVID-19 pandemic accelerated cloud adoption and remote collaboration programs, organizations consistently looked to digital innovations to provide reliable and secure connectivity.

Nearly every technology change that organizations make can affect incident response planning. CDW’s Lea notes that even if an organization is making minor changes that affect data generation or storage, it should have a clear governance framework in place. Who's going to have the ownership of it? How is it going to be managed? All of this needs to be documented ahead of time,” she says.

Mergers and acquisitions represent another area where documented security policies and procedures become incredibly important.

“We need to test those new environments before we add them,” Lea says. A thoughtfully designed and executed incident response program helps ensure no stone is left unturned.

Getty Images/Tippapatt

aaa 1

Register