The Essential Guide to Cyber Incident Response Retainers

Evaluating Your Readiness: Six Questions to Identify Security Gaps 

26 June 2023

By NCC Group

It’s late on Friday afternoon when you receive a suspicious alert: “Unusual activity detected” on a critical IT asset. Panic sets in as the clock begins ticking. You know you need to quickly lock down systems to prevent propagation and assess any potential damage.

Can your in-house team identify the cause, contain the damage, and recover? And importantly: can they prevent a future incident?

These days, cyberattacks are increasingly likely, and with the average cost of a breach now over $4.35 million, having a Cyber Incident Response Team (CIRT) on standby is becoming a vital cost of doing business. In fact, data from IBM/Ponemon Institute’s 2022 Cost of a Data Breach report shows that having an IR team and a well-tested plan in place can lower the cost of a breach by nearly 60%.

While an in-house CIRT is certainly one option, it can also be costly. Keeping the team trained in the right skills takes time and money, and low utilisation means your team may lack the routine experience needed to mitigate a major incident when the crucial time comes.

Instead, having an Incident Response Retainer with a trusted cyber security partner can give you the proactive and reactive support you need to manage cyber security risk effectively. Most importantly, having an IR Retainer agreement in place before a breach occurs can save your company tremendous stress, time and money.

Whether you’re exploring an IR Retainer for the first time or already have a partner in place, identifying the right capabilities to integrate with your internal security operations is essential.

Here are six critical questions to measure your incident response readiness.

1. Is there 24/7 global support and guaranteed SLA?

During a breach, seconds count. The faster you can track down threat actors and stop them, the less damage will result. An IR Retainer partner should provide 24/7 global support with a guaranteed SLA of one hour or less, along with periodic check-ins during downtime to stay up to date on your organisation’s security posture.

2. What about insights ahead of the threat?

The best way to manage cyber security threats is to prepare for them. An effective IR Retainer should include best practice advice and recommendations on improving your risk posture based on the unique needs of your organisation and the threats you face.

3. Does it include threat detection and mitigation?

When an incident occurs, you need a partner that can conduct urgent triage and advise on immediate action to neutralise the threat. An IR Retainer partner should be able to provide remote assistance and/or on-site support with specialised tools and technology to identify and contain a breach.

4. What’s the ROI?

An IR Retainer partner can be a force multiplier that allows you to tap into critical expertise in the event of an incident. But it should also provide ongoing value by offering insights, intelligence, and tested experience on how to better protect your organisation all year long. Look for a partner with the flexibility to apply unused days or hours to other cyber security solutions to bolster your resilience.

5. Are advanced digital forensics included?

The ability to analyse evidence and adapt your defences is a key component of incident response. An IR Retainer agreement should include a thorough investigation and threat analysis to understand how and why a compromise happened—and most importantly, how to prevent it in the future.

6. What about post-event consulting services?

Beyond the technical aspects of managing an incident, there are also downstream matters to address, such as regulatory issues, if/when/how to make a public statement and other media and public relations concerns. After all, damage to your reputation will be a serious concern if news of a breach is not handled well.

An experienced IR Retainer partner can offer this expert consultancy to help you manage regulators, craft media messaging, and help minimise any collateral damage with current and prospective customers. In addition, an IR partner should be able to provide proactive planning services, routine evaluations and practice scenarios to improve resilience.

IR Retainers offer the scalability, experience, and near-instant coverage you need to go to work quickly and put time on your side when it matters most. But choosing the right partner can make a critical difference in reducing the time, cost, and reputational damage of a cyber security incident.

Take action now to strengthen your organisation's readiness and resilience.

Download the Cyber Incident Response Retainer eGuide for valuable strategies. Contact us today to speak with an Incident Response expert about our Retainer levels and secure your protection.