By Neil Ellis, CIO and CISO at CafeX Communications
Disparate Solutions Are Costing Your Organization
Breaches from the past year have made clear that current approaches to Cyber Incident Management need drastic reassessment. The average total cost of a breach rose by 10%, with lost business, compromised information, and time to resolution being central determinants to the severity of the breach. Despite differences in type, size, industry, and sector, breached organizations shared a siloed and unadaptive approach to managing risk and responding to incidents. However, there were organizations that managed incidents with quick, effective, and comprehensive responses.
The success of their approach can be identified in three conclusions:
- Incident Management is cross functional and needs to connect the right people to the right information in order to make the best possible decisions.
- Incident Management is multifaceted and multi formed, and should bring in stakeholders across the organization according to their roles and expertise.
- Cyber risk is increasingly dynamic and enduring, and requires solutions to automate baseline requirements, such as application integrations, knowledge management, and information sharing, so that SOC teams can focus on strategy, rather than the manual, error-prone tasks of their response.
SOCs lack solutions that allow them to visualize and collaborate on their response end to end. Collaboration solutions maximize the value of existing technology investments with embedded integrations that allow teams to act on information from one view, in real time. With a unified view and an adaptable way to structure responses, collaboration solutions help SOCs coordinate their people, tasks, and applications to improve decision making and streamline the overall process.
Incident Management is Cross-functional
Historically, security teams have been solely responsible for handling incidents. Despite security’s expertise, compartmentalizing the response to them alone fails to address the complexity of the breach. This approach siloes information, leaving out necessary perspectives and knowledge from the rest of the organization.
The organizations that came out on top of breaches were the ones that recognized incident management as a cross-functional effort. Incident Management needs to be threaded throughout the organization so that the right people are tasked with the right assignments and
informed with the right information in order to make the best decisions possible. With clearer procedures for how events are managed within the organization, tasks can be assigned with expertise, and collaboration can be managed efficiently.
Where collaboration can help:
- Create detailed logbooks of any event, which teams can use real-time to inform the actual response, and down the line in the process improvement stage. CISOs can view how their teams performed, assessing their activity to identify the strongest candidates for each role, and their competency to deliver on its responsibilities.
- Prepare response plans targeted to specific events. With workflow automation, connect tasks with relevant information, applications and other tasks to streamline the response.
The Response is Multifaceted and Multi-formed
Historically, the majority of approaches to Incident Management were in having a small team that worked off of a relatively generalized response plan, but recent breaches have shown the shortcomings of this type of approach. Incident Management is much more effective when the response is communicated across multiple stakeholders and developed with their involvement.
Where collaboration can help:
- Assemble internal and external stakeholders by connecting through chat, voice, and video to align on status and priorities.
- Notify the team with updates and task assignments so that the response maintains accuracy and control.
- Access to key documents from multiple information sources with embedded integrations and powerful search capabilities.
Risk is Increasingly Dynamic and Enduring
Incidents are not one-off or temporary threats. They are ongoing developments to the circumstances of the organization and its environment. While the nature of a breach is unpredictable, the probability that it occurs is not. The organizations that got in front of breaches invested in solutions that streamlined and automated the structural elements of their response, such as application integrations, knowledge management, and information sharing, so that their response teams could focus on strategy rather than manual, error-prone tasks.
Where collaboration can help:
- Provide teams with a quick way to meet, gather information and respond to the incident.
- Organize past and incoming information that can be visualized and designated to specific tasks, role assignments, and stages of the response.
- Record all response activity to provide insight in real time, and post-incident for process improvement, auditing, and reporting.
The Success of Incident Management is in Collaboration
Existing solutions are not fit to manage incidents, which have become increasingly complex, diverse, and interconnected. CISOs can maximize the value of existing technology investments, and even more, improve their response, by investing in a collaboration solution to unify their response. Solutions like Challo track chat, video, and voice communications alongside incoming information so that SOCs can improve decision making and the overall quality of a response.
About the Author
Neil Ellis is the CIO and CISO at CafeX Communications, which has developed Challo, a process optimization platform with an emerging presence in designing, automating, and accelerating organizations’ Incident Response. Neil’s 30-year background in security and compliance has driven the successful development of CafeX Communications’ solution for Incident Management. He can be reached over LinkedIn at https://www.linkedin.com/in/neil-ellis/, and through the company website at http://cafex.com/.