Johannesburg, 30 Nov 2023
Every minute matters after an organisation has suffered a breach, which is why an effective incident response plan is crucial for business resilience and mitigating cyber risk.
This is according to Arctic Wolf Networks cyber security experts, who were addressing a webinar for IT security and risk professionals this week. It focused on when and how to escalate from managed detection and response (MDR) to incident response (IR).
Noting that proactive cyber security has to include cyber insurance and a strong IR plan, they said businesses should have a solid plan to get back up and running as quickly as possible after a cyber attack.
According to the IBM Cost of a Data Breach Report 2023, proper planning and testing can reduce IR costs by as much as $1.49 million in the event of an incident.
Jason Oehley, regional sales manager at Arctic Wolf Networks, said: “While prevention is better and far more cost effective than cure, organisations have to address their total risk profile. Risk mitigation, with security technologies and skills to look after them, might protect the majority of the environment. However, the remaining business risk – that of being too slow to get back up and running after an attack – must also be addressed.”
Andre den Hond, senior systems engineer at Arctic Wolf Networks, outlined how Arctic Wolf Incident Response specialists have helped customers respond to attacks.
Den Hond said: “It is important to understand the tactics being leveraged by threat actors, and to have a comprehensive response that makes it extremely difficult for the threat actor to gain a foothold. The Arctic Wolf Incident Response concierge delivery model consists of technology, security expertise and processes, with a concierge security team to augment IT and security teams. They will roll out a tailored security journey for each customer’s unique environment. They also work with customers to perform external vulnerability assessments and advise on a patching and remediation plan.
With our SOC as a service, we perform 24/7 monitoring and investigations. Our triage security engineers perform investigations and provide guided remediation support to customers. The concierge delivery model also includes root cause analysis to determine the initial entry point, scope the impact of the attack, and give peace of mind to the customer.”
Dylan Francis, associate incident response engineer at Arctic Wolf Networks, explained: “The incident response team helps customers to understand the scope of the incident and move to triage, containment and eradication. Our goal is to determine the actions of the unauthorised actors in the first 24 hours of the incident.”
He noted: “The work is all done in tandem to get customers back online as soon as possible, and to help the organisation emerge stronger, with the right support and tools in place to prevent this from happening again. Where other providers limit services to containment and eradication Arctic Wolf’s IR team also supports business restoration, threat actor negotiations, and deep dive digital forensics. Our highly skilled incident response team offers all the services companies need to get back up and running after ransomware attacks, business email compromises, IP theft, data breaches and employee misconduct incidents.”
“Organisations must have a comprehensive incident response plan in place. Many say they have one, but often it’s not until they have an incident that they actually look at it,” he said.
Arctic Wolf highlighted its new incident response retainer solution – IR JumpStart, which provides all the benefits of traditional IR retainers plus IR planning assistance, without the prepaid minimum hours.