Home / Blogs

Tactics for Responding to Cyber Attacks - Squeezing Your Cyber Response-Curve: Part 1

Many cyber attacks against companies today go unreported, and more still are undetected. This poses a critical threat to organizations that are striving to innovate, maximize efficiency and compete in a connected world. Timing and context are everything. The faster a company identifies a problem, and the faster and deeper it is understood and its relevance to the business, the more effectively the company can respond. We call this squeezing the cyber response curve. This two-part post will discuss the current state of cyber threats, what the cyber response curve is and its impact your organization and how you can effectively squeeze this curve to improve attack response.

The hidden menace

Prominent organizations, such as the New York Times, are some of the companies that have been the high profile victims of cyber attacks. But they are just the tip of the iceberg. As the world becomes ever more connected, cyber threats are rapidly escalating into a major issue for many organizations across different industry sectors.

According to a recently released report from the Ponemon Institute, U.S. organizations have the dubious honor of ranking first worldwide with the average data security breach costing $5.4M. Healthcare, financial, and pharmaceutical industries had higher than average costs coming in at $6.7M, $6.2M, and $6M per incident, respectively.

Cyber threats need to be managed as an on-going business risk, with the basis that countering a determined, well-resourced and innovative attacker requires a well-resourced and innovative response.

What is the cyber response curve?

While working with commercial and government organizations, BAE Systems Detica has seen a multiplication of highly sophisticated attacks. The cyber response curve is a concept we have designed to evaluate organizations' readiness to respond to cyber threats and enable them to view how they could improve their response based on three factors: time between the start of and detection of an attack, level of compromise and how long it takes to make an informed decision. It is premised on our observations over the last few years of how different organizations have responded to targeted attacks.

The cyber response curve (Figure 1) maps out three critical elements of a response:

Now that we have discussed the state of cyber attacks today and an introduction to the cyber response curve, part two of this post will tackle common approaches to security that impact the cyber response curve and your organization can do today to optimize attack response.

By Colin McKinty, Americas Regional Director, Cyber at BAE Systems Detica

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Brand Protection

Sponsored byAppdetex

Whois

Sponsored byWhoisXML API

New TLDs

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign