4 Ways Your Organization Can Improve Resiliency

Organizations can mitigate incidents and accelerate time to resolution by taking these four steps

Breaches from the past year have made clear that current approaches to Cyber Incident Response need drastic reassessment. The average total cost of a breach rose by 10%, with lost business, compromised information, and time to resolution being central determinants to the severity of the breach. Security Managers face mounting pressure to reassess their response plans and increase resiliency. This expectation can be difficult to manage against business priorities for growth and operational stability, which often add complexity to resiliency efforts. 

Unfortunately, business leaders have a tendency to silo Security and Operations’ (SecOps) priorities from the priorities of the larger organization. When an incident arises, the organization’s first priority is resolving it in order to get back to business as usual. As a result, most SecOps Managers will understandably face pressure to adopt a solution that can best resolve the incident at that moment. However, the solution used in one incident may not work in the next, because the scope of possible incidents is so wide. Without a proactive approach to Incident Response, organizations will be trapped in a continual cycle of reacting, and patching incidents as they arise.

To stop this cycle, organizations need to move away from a reactive posture. Security and Operations must account for the dynamic environment of their organization’s business priorities, IT architecture, and day-to-day operations in order to reform their response plan. This comes by implementing an approach that manages an incident across its lifecycle, from preparation to implementation, response, and process improvement.

1. Prepare by assessing and designing plans that target the root cause

Smaller scale incidents may be symptomatic of a larger issue, such as an inadequate testing and reviewing process, inaccurate performance assessments, or a failed communication plan. Organizations with high levels of resiliency look beyond trigger incidents in order to identify the root cause behind them.

Organizations that approach Incident Response with an ad hoc strategy instead of a root cause strategy will likely be able to resolve incidents more quickly, but with less stability and uniformity. Designing and assessing plans to draw out the root cause of an incident will allow the organization to better prepare itself to deliver a response that is not only quick, but also stable and comprehensive.

2. Integrate and automate workflows to streamline the response process

On average, organizations have 254 applications. Effective SecOps teams recognize the importance of managing applications in their response: selecting, integrating, and automating only the ones for the targeted incident. Integrating and automating workflows save incident response teams time so that they can focus on important work like strategy, rather than manual and repeatable tasks. Workflow automation also provides benefits like increased information sharing, improved performance, and accelerated time to resolution, all of which contribute to a more effective response.

3. Understand and address incidents with an aligned strategy

SecOps Managers understand that incidents are inevitable. The goal is to reduce the severity and frequency of incidents, in order to minimize their effect on the entire organization. SecOps Managers make this possible by preparing their teams, and guiding them with plans targeted to exact incident types. Templated plans make it easier for managers to pull in expertise, draw on information, and check off all regulatory and process requirements specific to that incident, rather than scrambling to coordinate these steps in real time. 

The quality of implementation depends in large part on the quality of collaboration during the response. When SecOps standardize how the team collaborates, they increase transparency and deliver a more effective response. Managers should invest in collaborative solutions to make it easier for teams to access the stakeholders and information relevant to their work. Collaborative solutions help them visualize the larger response and updates on their progress, which strengthens coordination and quality of work as a team.

4. Evaluate the response as insight for future incidents

To reduce the risk of repeat incidents, SecOps need to invest in process improvement. The process improvement stage reveals insight that will increase the quality of future responses. Incident Managers need to provide mechanisms to ensure that post mortems are conducted and applied. They should also lay out clear actions and ownership to drive accountability for each stakeholder that is responsible for delivering changes. Engagement from stakeholders like senior leadership can tie legitimacy to Security’s recommendations, and see that they get implemented organization-wide.

CafeX helps organizations track their entire response through a 360° view

Security Managers that adopt the four steps outlined here will be able to help their organizations effectively address the incident lifecycle. With a reliable approach to Incident Response underway, the organization can pursue business priorities with agility. It is critical that managers select a solution that allows them to manage incidents end to end, and achieve this state of resiliency. Solutions like CafeX view Incident Response with this unified approach, providing users with the ability to:

• Prepare by assessing and designing plans that target the root cause

• Integrate and automate workflows to streamline the response process
• Understand and address incidents with an aligned strategy

• Evaluate the response as insight for future incidents