Speed matters - why incident response times could make or break a security response

Published on: 16 Nov 2021

When it comes to dealing with cyber crime, the mindset for businesses should always be that it's a case of when, not if, you get attacked. Even the most prepared firms with the strongest defences can fall victim to hackers, so it's how you react to this that can be the difference between an ineffective attack and a costly one.

Therefore, a key task for those in cyber security jobs is to be able to respond quickly to such incidents and contain breaches before they have a chance to cause real damage. Yet this is something that is proving especially tricky in today's environment.

For instance, recent figures from US cyber security firm Deep Instinct revealed the time it takes to investigate threats is a key barrier that prevents firms from improving their endpoint security. Almost four out of ten respondents from large enterprises (39 per cent) rated this as an issue, ahead of challenges such as a lack of SecOps staff (35 per cent) and complexity issues (26 per cent).

What's more, 41 per cent of respondents added that their biggest security fear is 'hidden persistence' attacks, where threat actors lurk in systems for prolonged periods without detection.

The challenges caused by slow responses

These advanced threats, which may go undetected for weeks or even months, can gather up huge quantities of valuable confidential data before they are discovered. However, even once a threat is spotted, it can still take a long time to shut it down completely.

For instance, IBM's 2020 Cost of a Data Breach report found that last year, it took firms an average of 228 days to identify a breach, and then a further 80 days to contain it. Overall, the average lifecycle of a breach, from intrusion to conclusion, stood at 315 days.

Lengthy response times translate directly into higher costs for firms. IBM noted that breach lifecycles that last under 200 days cost firms $1 million (£734,000) less than those that last longer than this.

How cyber security pros can react faster

It's therefore clear that being able to improve response times needs to be a top priority for businesses across all sectors, and having skilled and experienced cyber security personnel will be the key to this.

For example, firms should ensure they have a well-rounded team that includes experts in areas such as digital forensics and data analysis. As well as being able to review incidents to identify areas for improvement, employees such as information security analysts need to be able to evaluate behaviour within their networks to spot any unusual activity that may be indicative of a breach, then classify it correctly and respond accordingly.

Being able to conduct simulations is another vital part of a good incident response plan, as this enables firms to identify any weaknesses in their plans that can slow down response speeds. For instance, issues that typically hinder remediation activities include people being unsure who is responsible for key actions, teams being unable to communicate effectively, or the tools in place not being up to the job.

All these factors can be mitigated with an effective incident response plan, so professionals with experience in developing, testing and implementing these documents will be in high demand among businesses.
