No one could doubt that incident response is an essential component of the security function.
And, generally, everybody understands that fast incident response is better than slow incident response.
But what impact does speed have on cyber risk? Is it really that important to remediate security incidents quickly?
We believe it is. Here’s why.
Remediating security incidents can (at times) be a difficult and time-consuming process. Unfortunately, modern malware and other attack vectors are capable of compromising a target network in just minutes.
Don’t believe us?
Some advanced attackers—such as those sponsored by nation-states—are able to completely compromise a target network in as little as 20 minutes. While this level of speed is uncommon, even relatively unsophisticated threats can gain an initial foothold within a target network within a matter of minutes. And once a foothold is obtained, it doesn’t take long for an attacker to start moving towards their ultimate objective.
Other attack vectors may be “non-invasive” but cause substantial damage if allowed to continue for any length of time. Denial of Service (DoS) attacks are an extremely common phenomenon in many industries and can cause a huge amount of damage if not remediated quickly.
CrowdStrike’s 2018 Global Threat Report found that on average, once an intruder has compromised a single machine, they need just one hour and 58 minutes to start moving laterally through your network. If allowed to get to this stage, attackers are often able to quickly establish a presence throughout your network—identifying potential high-value targets and causing mayhem for your security teams.
Let’s be honest, 118 minutes is not a lot of time to identify, prioritize, and remediate a serious security incident. It is, however, all you have to work with. If your incident response team isn’t consistently remediating incidents within this small window of time, the chances that your network will be compromised by a cyber attack go up exponentially.
Each year, the Ponemon Institute releases a report called the Cost of Data Breach Study. In the most recent version of the report, it was announced that on average companies in the US take 206 days to detect a data breach.
That’s a bit more than 118 minutes, wouldn’t you say?
And aside from all the obvious issues security and compliance issues associated with breaches going undetected for so long, there’s also a huge cost implication. On average, when a breach goes undetected for more than 100 days, it costs a whopping $8.7 million.
By contrast, when a breach is detected and contained in less than 100 days, the average cost drops to $5.87 million.
At this point, you’re probably thinking: “That is still A LOT of money...”
And you’re right. It is.
Because when security incidents and identified and remediated quickly, breaches don’t happen. And when breaches don’t happen, organizations get to spend those millions of dollars on something more productive.
SOAR platforms are a holistic solution that enables incident response teams to identify, prioritize, and remediate security incidents rapidly and effectively.
To see how our SOAR platform can empower your incident response function and reduce cyber risk, get in touch today to arrange your personalized demonstration.