Saltar a la navegación Saltar al contenido principal Ir al pie de página

Cyber Incident Response Team: Build or buy?

10 octubre 2023

By NCC Group

Given the risks and consequences of cyberattacks, every organization should prioritize Incident preparation and response planning, with or without an Incident Response partner. But if you have suffered a breach and you need to initiate your response plan, do you have the appropriate level of capability to respond and mitigate the damage?

In the face of evolving cyber threats, many organizations are naïve to the risks and as a result, remain woefully under-prepared for an incident. Even larger organizations with mature security programs have more at stake so must take a risk-based investment in their Incident Response capability.

The problem is, building and maintaining a Cyber Incident Response Team (CIRT) may not be the most economical or effective solution for organizations, so the question is... should you build or buy, or do both?

It’s a balancing act for any organization; being able to comprehend what’s truly at risk and having the appropriate level of support to safeguard it effectively.

Here are some key factors to consider when assessing your Incident Response capability internally:

 

Staffing

Do you have the appropriate personnel to keep an incident response plan up to date? To resolve an incident? Or the budget to add staff? If an incident occurs, can you afford to pull critical resources away from their usual duties? Who will handle those tasks while they’re in crisis mode?

A retained team can serve as a force multiplier, advising on and prioritizing key cyber resilience tactics before a breach and providing an all-hands-on-deck response during an incident.

 

Time

For most organizations, unfortunately, it’s a matter of time before an incident takes place. How long will it take you to build the team and capacity you need to mount a defense? Or if you already have an in-house team, how much time is allocated for training amongst other priorities? Building an incident response program can take months of assessment, scenario testing, and response planning.

An experienced retainer team can be ready to go to work immediately when required, putting time on your side when it matters most.

“According to the latest Ponemon Institute research, the global average cost of a cybersecurity breach reached an all-time high of $4.45 million in 2023, and the average response time to detect and neutralize the threat was 277 days. By reducing the response time by just 77 days, organizations can save $1.2 million, including drastically reduced downtime, loss of productivity, regulatory penalties, and the risk of third-party damages.”

IBM Cost of a Data Breach Report 2023

Expertise

Do you have the expertise you need to develop a thorough incident response plan or to take appropriate action in the event of an incident? As mentioned above, developing threat assessment and incident response expertise can take months of training. Even with that expertise available, there’s no substitute for routine experience when it comes to containing and neutralizing a threat when a crisis strikes.

An incident response retainer team will typically have the depth and breadth of experience from working on many different types of engagements across organizations, regulatory environments and industries of all shapes and sizes. This exposure and capability of dealing with a wide variety of threats and incidents can bring invaluable insight and expertise to quickly understand motives and attack path of an actor to minimise potential impact.

 

Technology

In the event of a breach, every second counts, and having the most efficient, automated tools at your disposal is essential to respond quickly to a detected threat.

Working with an external Incident Response provider can allow you to harness and leverage tools to quickly assess thousands of systems for better insights, stronger protection and faster response time without having to invest in and maintain those tools yourself.

 

Cost

Security and risk management leaders are increasingly under pressure to demonstrate digital value at scale alongside pragmatic management of security risks.

Around 30% of a chief information security officers’ (CISOs’) effectiveness will be directly measured by their ability to create value for the business. - Gartner, 2023

Maintaining an incident response posture can come with a steep price tag when you consider the personnel, training, and tooling investment of an internal capability. It can be like having a surgical team on staff at a walk-in clinic. Their specialized skills may be underutilised a lot of the time, and without routine practice will they be prepared with the latest insights and tactics when the crucial time comes?

With an incident response retainer, the provider is responsible for investing in training and certification. No matter how large the network, they will typically have the infrastructure, technology, staffing resources and expertise, on-demand, at a fixed contract price.

 

Peace of mind

Like it or not, in the event of an incident, the CISO is in the hotseat when it comes to how quickly and effectively the organization responds. Investors and board members will have expectations—whether clearly defined or not, and not only about how you’ve fixed the problem but how well you’ve communicated through those difficult conversations. Having a trusted advisor on your side provides significant peace of mind when it comes to meeting those expectations.

With an IR retainer, you’ve got reinforcements, and that can make a huge difference. Reputational damage and loss of future business is a major concern in any cybersecurity incident – but a fast response and the appropriate level of support will inevitably boost brand affinity and confidence. Customers and stakeholders know that cybersecurity threats are a persistent risk and how quickly and aggressively you handle those risks will win their favor.

Taking the time to assess and test your Incident Response capability will ensure your defenses are fit for purpose when the crucial time comes.

Take action now to assess your organisation's readiness and resilience.

Contact us today to speak with an Incident Response expert about our Retainer levels and secure your reputation. 

NCC Group

NCC Group

NCC Group exists to make the world safer and more secure.

As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.