Incident readiness and response work for cyber security
While it’s important to engage incident response during a cyber security incident, F-Secure Consulting’s global incident readiness and response offerings put equal emphasis on readiness as a strategy for mitigating the risk of cyber attacks.
In the last 12 months, F-Secure Consulting responded to dozens of major security incidents for organisations across the globe. Ransomware attacks accounted for about a third of all engagements. Other cases included acts of nation-state level espionage, different financially-motivated attacks, and more. Many involved ‘hands-on-keyboard’ attacks.
F-Secure Consulting’s Incident Response team’s average response time to clients was 15.4 minutes. And on average, engagements lasted for approximately 12 days. However, some incident response cases can last several weeks or even months, increasing an attack’s impact and mitigation costs.
F-Secure President and Chief Executive Officer Juhani Hintikka said: “It’s easy to see why a comprehensive incident response plan seems like a luxury when weighed against other preventative measures that offer immediate benefits. However, careful preparation will improve the speed and effectiveness of organisational response, ultimately lowering the impact of an incident.
“From a c-level point of view, incident response needs to be seen as building organisational resilience by ensuring business continuity in the event of an incident, which is bound to occur sooner or later. Making contingency plans to limit that inevitable intrusion’s impact on operations, personnel, and clients is clearly the responsible thing for organisations to do given today’s threats.”
Furthermore, the benefits of preparation are beginning to make a difference to more than just restoring operations.
A recent report from Forrester highlighted the increasing interest in an organisation’s security posture from different stakeholders: “Inadequate breach response can lead to financial, operational, and reputational losses. Therefore, following any data breach, the public, government agencies, partners, suppliers, and your cyberinsurance provider will subject your organisation to scrutiny. They want to know what your security posture was before the breach and how well you responded after the breach.”
Such scrutiny from stakeholders – including authorities – signals increasing expectations for companies to prevent the consequences of an attack from spiraling out of control.
F-Secure Consulting’s incident response services consist of two separate yet complementary offerings to accommodate different needs:
- Incident readiness: services and retainers designed to reduce the impact of an incident by enabling quicker response times and shorter recovery times while improving response effectiveness and overall return on capability investments.
- Incident response: support for incidents ranging from post-incident forensic analysis of isolated hosts to incident management, containment, and eradication during a domain compromise.
And as a global, multidisciplinary incident response function that operates as part of a larger organisation offering businesses a comprehensive portfolio of cyber security solutions, F-Secure Director of Detection and Response Matt Lawrence says that F-Secure’s depth of capabilities ensures organisations have access to world-class expertise to fit a wide range of problems.
“We have consultants operating from ten countries across four continents, meaning world-class expertise that can answer a range of questions is often just a message or email away for us and our clients,” explained Lawrence. “Industry-leading malware researchers, threat intelligence analysts, and other non-IR specialists are at our disposal 24/7, and that speedy access can prove critical to preventing an incident from become a crisis.”