WHEN A SECURITY INCIDENT OCCURS – YOUR TECH, YOUR PEOPLE, AND YOUR PROCESSES NEED TO BE READY TO MITIGATE THE RISK SO YOU CAN REDUCE TIME, EFFORT AND CONFUSION. SO UNLIKE WHAT HAPPENED AT THE 89TH ACADEMY AWARDS, YOUR STRATEGIES WILL WORK.
By now everyone has seen or heard about the mishap at the 89th Academy Awards when “La La Land” was accidentally announced as Best Picture when the Academy intended the award for “Moonlight.” In a moment not that dissimilar to what happened when Steve Harvey announced the wrong 2015 Miss Universe winner, there was confusion, concern, disbelief, and even a healthy dose of levity as seen in this Ryan Gosling photo.
Behind the scenes, two officials from PricewaterhouseCoopers (PwC), which is the accounting firm that does the calculations for the award ballots, are standing by in case mistakes like this occur. In fact, an official has been behind the scenes to respond to incidents like this since the early 1950s.
So what happened? Okay, the wrong card was handed out; that can happen. But why did it take so long for somebody to respond? Not one, not two, but three different individuals from “La La Land” gave their acceptance speeches before it was voiced that an error was made. It took about two and a half minutes, or 150 seconds, or an eternity in TV time, between “La La Land” being incorrectly announced as the winner and the mistake being announced.
Now in cybersecurity, a 150-second incident response time is seen as pretty darn fast in most situations. But some organizations grow dependent on the technology saving the day without placing enough focus on security people and processes, which leads to slower incident response or even to incidents not being responded to at all.
I recently wrote a blog post about the importance of security teams practicing incident response under “live fire” on their production networks, with their product security controls against real attacks in a safe and measurable security instrumentation approach.
I even drew an analogy between practicing incident response and practicing football, and even made a short video about it. But one area that isn’t given enough focus is the process. It’s boring, so nobody wants to spend cycles on it, but it is critically important.
Obviously, there needs to be a process in place for how to respond to various types of incidents such as:
- Malicious insider activity being detected
- An endpoint system suffering from malware
- A bot beaconing from the server network to the Internet
- Large amounts of data being exfiltrated
But just as important as having these processes and practicing them is maturing them so that they are more effective and efficient, so that, for example, it doesn’t take 150 TV seconds to right a wrong. Making security control validation a foundational part of your security posture and ongoing security analyst practice will yield improved processes.
You’ll learn what’s working, what’s not, what’s too slow, what’s not necessary, where to look first, how to validate, etc. This is an ongoing process because your security controls are always changing, attacks are always morphing and because the people involved in the process will likely adjust over time.
Continuous evaluation of security controls, people and processes is a use case tailor-made for security instrumentation solutions like Verodin. Verodin allows for ad hoc and continuous assessments, measuring and monitoring trends over time, and identifying areas that need greater investment across people, process, and technology.
With Verodin, when an incident occurs – your tech, your people, and your processes will be tuned to mitigate threats and reduce the negative impacts of a security incident by reducing time, effort and confusion. So unlike what happened at the 89th Academy Awards, your team will be ready.