The phrase “need for speed” might sound like a catchy one-liner from a Hollywood blockbuster. However, when it comes to information security, these are words to live by. Consider this vital fact: malware permeates organizations with lightning speed and frequently causes millions of dollars of damage in a relatively short period of time. Because of this, cybersecurity teams should be able to respond speedily when threats happen. Growing your team from an average state into one with a rapid response mindset requires a few key elements:
First, there has to be a modular structure. What this means is that teams need a set response format to work with. This structure should evolve, adding processes or other needed components, as a team’s obligations in cybersecurity change. As Bob Carver, CISSP, CISM, MS, says in a 2017 article, Cybersecurity: The Need for SPEED: “You don’t want to be one of those organizations that gets notified of a compromise by law enforcement before your security teams are aware of the situation.”
The second element in maintaining a rapid response culture is situational awareness. Is the cybersecurity team “in the know” regarding where to find its tools? What type of response to take, who to contact, when to act and, most importantly, how to execute the response are all questions that should be answered before operating in a production environment.
Third, encourage drills to promote team agility. Even with cutting-edge skill sets and available resources, response time can still falter if both components are not used frequently. By “going through the motions” of regularly responding to simulated threats, a team can build the physical and mental bite that lessens the chance of mistakes during the execution of an actual incident response. Cybersecurity stakeholders will discover that this practice in fact leaves information ingrained deeper within a team’s psyche, at both the individual and the collaborative level.
Accelerated response in cybersecurity is a learned practice. However, once such a culture is developed, rapid response becomes natural and can increasingly match the hostile landscape created by malicious actors.