Incident Response: A Key Part of a Comprehensive Security Strategy
Daily headlines reveal a continued and urgent concern: cybersecurity attacks are now a daily challenge for business leaders. As businesses rely more on technology to reduce costs and improve productivity, cyber criminals have a bigger target for hacks, malware, spyware, and ransomware. IT complexity is matched by evolved and sophisticated attacks.
According to a Cisco report, these threats are becoming increasingly lucrative for attackers. Ransomware exploits took in $1 billion in 2016, and business email fraud cost companies $5.3 billion.
Of course, there are many reasons for these cybersecurity failures. It can be as simple as not changing the default passwords on devices, or a cleverly disguised phishing email allowing entry to the enterprise network. Sometimes it’s a lack of visibility: as the Internet of Things (IoT) converges with enterprise IT infrastructure, defenders may not even know what devices are connected to their network.
Clearly, as the bad guys get creative, the defenders of network security need to get smarter and stay one step ahead.
That’s one reason I was pleased to see the announcement of an integrated cyber security solution jointly offered by Cisco, Apple, Aon, and Allianz. It will help customers identify their security vulnerabilities, strengthen their defenses, recover from attacks, and mitigate the cost of a breach. It’s the kind of ecosystem-based approach we need as threats become more complex and pervasive.
I’d like to highlight just one aspect of what Cisco is offering to customers, either as part of this package or as a separate service: our Incident Response capabilities.
When it comes to Cisco incident response, we don’t just sit around waiting for something to happen. We proactively work with clients to help them improve their security posture and reduce the risk of a data breach. We conduct readiness assessments, proactively hunt threats, and execute tabletop exercises to spot security gaps. Then, if a breach does occur, our Incident Response team brings the full weight of Cisco’s technical resources to resolve the problem, calling in product business units, security experts, and Talos researchers who provide sophisticated threat intelligence.
Different company approaches reveal lessons for how to approach security. Last year, a customer that bought an incident response retainer did not take advantage of proactive Cisco Security services. A few months later, a ransomware attack stalled operations and impacted clients. The Incident Response team responded within an hour and immediately deployed the required resources to reconfigure and deploy their security appliances. They used forensics to track the attackers, identify infiltration techniques, and plug the security gaps. Cisco’s Talos team launched a war room to do global research to triangulate on the ransomware.
Within a few days, the customer understood the security gaps that allowed the breach. The Cisco Incident Response team made a series of recommendations to improve their security posture and to help with ongoing monitoring. Of note, during the breach, the customer called another vendor to work in parallel to Cisco to address the issues. That company worked for a week before presenting initial findings – the same information Cisco provided within mere days. In the end, the customer told our team that they would not have survived the attack without our Cisco team.
That’s just one reason I’m passionate about our Cisco Services teams. Time after time—with rapid response times, predictive analytics, and network intelligence—we deliver extraordinary business results for our customers.