#infosec15: Large Firms Told to Up Their Incident Response Game

Some of the UK’s largest organizations are still laboring with “rudimentary” tools like SharePoint to run their incident response functions, despite the growing volume and sophistication of threats, industry experts have warned.

Speaking on the last day of Infosecurity Europe 2015 in London, EMEA general manager at Resilient Systems, Paul Ayers, claimed that proven incident response best practices have been around for years from sources like NIST and the SANS Institute.

However, major companies persisting with SharePoint and a Wiki page is “not uncommon,” he argued.

“You need to evaluate your incident response readiness and ask ‘how good are you?’,” Ayers said. “The adversary has the advantage.”

A new breed of tools defined by analysts as Security Incident Response Platforms (SIRPs) has emerged in recent years – “codifying best practices to make them repeatable.”

They’re designed to help organizations in four distinct phases: preparedness, assessment, management, and post-incident mitigation.

IT teams are good at the “assessment” and “management” phases but could do better at “preparedness” and “mitigation”, Ayers argued.

To get the most out of such tools, the best performing companies are typically integrating these platforms into upwards of 30 applications, he added.

These could range from ITIL – given that many incidents originate from helpdesk – to SIEM tools, Ayers explained.

The need for speedy detection and response to threat incidents has grown in light of an increasingly fast-moving and hostile threat landscape.

The 2015 Information Security Breaches Survey from PwC, launched at Infosecurity Europe this week, found that three-quarters of small UK businesses and 90% of large organizations have experienced a security breach – up around 10% from the previous year.

The cost of breaches has almost doubled for large organizations over the period – to between £1.46m and £3.1m. For smaller firms the cost has risen from £65k-£115k to £75k-£311k.
