'Our digital future' was the theme of the third and final session at Engineers Ireland's recent national conference, where members listened to presentations from Brian Martin, Cormac Lyons and Vivian Farrell. In Section A, we consider the content provided by Integrity360's Brian Martin.

Part I on 'Supporting the National Recovery' can be viewed here, while Part II: 'Sustainable solutions in practice' can be viewed here. Part III, Section B can be viewed here; and Part III, Section C here.

Brian Martin, Integrity360 head of product, strategy and innovation

Brian Martin, of Integrity360, gave an address on 'Defence for today’s cyber threats'. He provided an overview of the cyber-security threat landscape and wider trends in cyber security, and outlined actions that we can all put into force in order to protect ourselves. Martin also shared slides on benchmarking, resilience and how an organisation can evolve to be more security-focused.

Cormac Lyons, managing director, Procad

In Section B, Cormac Lyons of Procad presented on 'digitalisation' and the process of digital transformation in the manufacturing context. He gave an overview of digitalisation within a customer base and the industry outcomes for those customers; rates of change; and a view of the traditional product lifecycle versus more agile product development. 

Vivian Farrell, Modular Automation CEO

In Section C, Vivian Farrell of Modular Automation presented on 'Leveraging digital technologies to deliver automated factories of the future'. She gave an overview of Modular's work as a leading medtech automation partner. Case study presentations were provided by Gerard Kennedy, mechanical design department manager, on digital technology enabling sustainable and flexible automation, while Alan O’Brien, production team manager, spoke on automation enhanced with digital simulation technologies.

Integrity360: Defence for today's cyber threats

Brian Martin, Integrity360 head of product, strategy and innovation, presented a number of statistically important slides, as listed below.

A./ Getting to grips with Incident Response Management

Security breaches are part and parcel of running a modern organisation. Research completed by the Clark School at the University of Maryland showed that hackers attack every 39 seconds. With organisations exposed to such a high volume of threats, Incident Response has become just as important as, if not more important than, threat prevention.

The main reason for the growing importance of Incident Response is that an organisation can’t defend against every threat vector, which means companies need to have the ability to remediate incidents quickly to reduce downtime. However, most companies struggle with incident response, with the average time to detect and contain a data breach being 280 days.  

In this article, we're going to look at what Incident Response is, the 6 key phases of the incident response process, why organisations need to outsource it to an external provider, and the pitfalls of managing it internally.  

What is Incident Response? Six phases of incident response management explained   

Incident Response is an organisation's reaction to an incident where a device has gone offline. It refers to the actions taken to get that infrastructure back online, from detecting and remediating a threat to restoring affected devices. A mature Incident Response process can be broken down into several key phases:

  • Phase 1: Preparation – Making sure that playbooks, training, and security tools are available to manage future breaches. That includes creating a full Incident Response plan and having security analysts run mock incidents regularly.  
  • Phase 2: Identification – Identifying the “who, what, why, when, where, and how” of a data breach. Answering these questions enables a team to identify the disruption and ways to contain it. 
  • Phase 3: Containment – Beginning to safely and efficiently contain a breach to prevent it from causing further damage to the business.  
  • Phase 4: Eradication – A security analyst identifies the root cause of the breach and eliminates it to prevent the disruption of business continuity.  
  • Phase 5: Recovery – Restoring all affected devices and business processes to enable the organisation to return to normal operations.  
  • Phase 6: Lessons learned – Gathering information obtained from the incident to determine where the organisation's response was successful and what to improve in the future. This is arguably the most important phase of the incident response process.  

The individuals that guide an organisation through each of these phases are categorised as incident responders. Incident responders have an interdisciplinary role that borrows techniques from other cyber security disciplines like cyber security engineers, vulnerability analysts, forensic analysts, penetration testers, risk analysts, and SOC analysts to respond to data breaches on a case-by-case basis.  

Assessing your need for IR: Why it’s important to use an external Incident Response service  

Managing Incident Response internally isn't recommended for most organisations because most companies don't have the resources to maintain a team of cyber security specialists on-demand 24 hours a day. For these companies, it's much more cost-effective to partner with a managed service provider who can provide 24/7/365 access to an experienced team of cyber security professionals.  

If you’re unsure about whether you have the resources needed to manage Incident Response in-house, there are some key questions you can ask yourself to assess your need for an Incident Response service: 

  • Is your Incident Response team available 24/7?  
  • Do you have a dedicated Incident Response manager to manage incidents? 
  • Do you have 24/7 access to vendor or tool-specific expert advice?  
  • Does your organisation have access to the latest real-time threat intelligence?  
  • Does your organisation already have an automated Incident Response process? 
  • Does your team have time to create well-written reports following a breach?  
  • Do your employees know what stakeholders to inform during a breach? 

If the answer to any of the questions above is no, then using an external Incident Response service is vital to make sure that you're fully protected in the event of a security breach. A reputable provider will help you manage security incidents safely from start to finish so that you can remediate disruptions quickly and return to normal operations. 

Pitfalls of managing IR internally  

Those companies that do decide to manage Incident Response internally typically confront some common pitfalls that leave them unprepared to resolve security incidents. Some of the main pitfalls organisations face at each stage of the incident response process include:  

  • Preparation phase: Failing to create a fully documented incident response playbook, meaning that employees don’t know how to respond to breaches effectively.  
     
  • Identification phase: Lacking internal expertise to answer the “who, what, where, why, when and how,” questions surrounding an event, which can lead to further issues, such as identifying legitimate applications as malware and deleting them.  
     
  • Containment and eradication phases: Tendency to under-contain or over-contain events. For instance, an employee failing to configure secure firewall rules following a breach, or shutting down an entire office when they only needed to contain a single machine.
     
  • Recovery phase: Taking too long to bring systems back up (usually due to a lack of a disaster recovery plan) and significantly increasing the length/cost of downtime.  
     
  • Lessons learned phase: Failing to learn lessons from past security breaches, increasing the risk of falling victim to similar breaches in the future.  

Taken together, these challenges mean that it’s much easier for an organisation to outsource incident response to an experienced managed service provider who already has a battle-tested process in place, with professionals who’ve helped hundreds of companies to manage security events.

Don’t be afraid to seek help!  

Defending against modern cyber threats isn't easy, and it's ok if your organisation doesn't have the onsite resources needed to stop the next generation of online threats because most organisations don't. By seeking help from an Incident Response provider, you can give your team peace of mind that your organisation is protected against the latest threats.  

That means when there is a breach, you’ll have on-demand access to a team of experts who will tell you exactly what you need to do to protect your information and your customers’, so that your employees can get back to work safely.

B./ Seven key findings from the cost of a data breach 2021 report

A month ago, Ponemon and IBM released the Cost of a Data Breach 2021 report, an annual study on the cost of data breaches and the modern threat landscape. The report not only highlighted that the cost of data breaches is on the rise but also showed that enterprises are taking longer to contain security incidents. 

This article will examine seven key findings from the report and break down some of the most promising solutions that enterprises can use to reduce the costs associated with breach incidents.

1. The average cost of a data breach reaches an all-time high  

One of the most shocking findings of the report was the fact that the overall cost of a data breach is increasing. 2021 saw the highest average cost of a data breach in 17 years, with a total of $4.24 million. This figure is the highest in the report’s history, increasing by 10% between 2020-2021. 

The top five industries with the highest average total cost were Healthcare ($9.23 million), Financial ($5.72 million), Pharmaceuticals ($5.04 million), Technology ($4.88 million), and Energy ($4.65 million). This is unsurprising, given the complex web of regulations that healthcare and finance organisations need to navigate. 

It’s worth noting that the public sector also saw a significant increase in data breach costs, increasing by 78.7% between 2020-2021 from $1.08 million to $1.93 million. The public sector wasn’t alone in seeing cost increases; the retail, media, hospitality, and communications industries also had an increase in average data breach costs. 

2. Lost business is the biggest cost of a data breach 

When breaking down the factors that contributed to the overall cost of a data breach, the report found that lost business carried the highest cost, accounting for 38% of the average total cost of a data breach for a total of $1.59 million. 

The cost accounts for a range of business costs arising from a data breach, from initial business disruption to revenue loss due to downtime, customer loss, customer acquisition, and reputational damage.

The next most significant cost was detection and escalation costs with an average cost of $1.24 million, at 29% of the cost of a data breach. The third most significant cost was post-breach response at 27%, which accounted for $1.14 million. 

These findings suggest that enterprises need to invest in more cost-efficient technologies for detecting security incidents while planning and optimising their incident response processes to enhance post-breach response.

3. Remote working environments are struggling to contain data breaches  

The report also highlighted that decentralised remote working environments increase the impact of data breaches considerably. In fact, organisations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches than those organisations with 50% or fewer of their employees working remotely.

The higher amount of time taken to identify and contain breaches also increased the overall cost of intrusions in remote environments. For instance, the average cost of a data breach was $1.07 million higher in breaches where remote work was a factor in causing the breach. 

These findings indicate that organisations offering work from home opportunities to employees need to ensure that security best practices are maintained off-site, or they leave themselves at risk of encountering security incidents that are more difficult to contain. 

4. Enterprises are taking longer to identify and contain data breaches 

Due to the increasing complexity of modern threats, enterprises are taking longer to identify and contain data breaches. The average time taken for organisations to contain data breaches was 287 days in 2021, 7 days more than in 2020. 

Organisations that took longer to identify data breaches also had a higher overall incident cost. Breaches with a lifecycle of over 200 days had an average cost of $4.87 million compared to $3.61 million for breaches with a lifecycle of less than 200 days. 

While this is likely due to the fact that the longer it takes to contain an incident, the greater the chance of data loss, downtime, and regulatory liabilities, it also depended heavily on the initial attack vector. 

Data breaches caused by compromised credentials were the most difficult to contain, taking an average of 341 days, compared to Business email compromise at 317 days, malicious insiders at 306 days, phishing at 293 days, physical security compromise at 292 days, and social engineering at 290 days.

5. Compromised credentials may be the most common threat but they don’t have the highest average cost

The most frequent initial attack vectors identified in the study were compromised credentials, accounting for 20% of breaches, followed by phishing attempts (17%), cloud misconfiguration (15%), and business email compromise (4%). 

Although compromised credentials were involved in the highest proportion of data breaches, they didn’t have the highest average cost. Business email compromise was the initial attack vector with the highest overall cost, with an average cost of $5.01 million.

The other threat vectors with the highest costs included phishing attacks, with an average cost of $4.65 million, followed by malicious insiders at $4.61 million, social engineering at $4.47 million, and compromised credentials at $4.37 million.

6. Incident Response has a big role to play in cutting costs 

The research also found that incident response strategies had a significant role to play in reducing costs, with the average cost of a data breach totalling $3.25 million in organisations with incident response capabilities compared to $5.71 million in organisations without an incident response plan in place. 

In other words, organisations that implement a balanced incident response plan can expect to cut the cost of a data breach by $2.46 million, meaning that investing in incident response is key for limiting the costs of security incidents going forward. 

Part of the reason for the effectiveness in reducing costs is that a well-thought-out incident response plan can decrease the amount of time it takes to contain security incidents and lessens the overall financial impact of a breach. 

7. AI, automation and zero-trust offer some protection against data breaches

There were also a number of other solutions that had success in decreasing the overall cost of data breaches. For example, organisations using AI and automation experienced an 80% lower average data breach cost, a total of $2.90 million compared to $6.71 million in organisations without AI or automation. 

A key reason for this dramatic decrease in cost is the fact that organisations implementing AI and automation can automate security incident investigations and reduce the number of manual tasks needed to investigate security incidents. 

The research also highlighted that zero-trust approaches help reduce the costs of data breaches, though not as dramatically as AI and automation. Organisations in a mature stage of zero-trust deployment had an average cost of a breach of $3.28 million, $1.76 million less than organisations without zero-trust implementations in place. 

This suggests that zero-trust approaches are worth investing in alongside AI and automation to shield protected data from unauthorised users and decrease an organisation’s overall data breach liabilities. 

As costs increase, organisations need to invest to stay protected

As the costs of data breaches continue to spiral and increase as threats become more difficult to contain, organisations need to adapt and invest in technologies and approaches that can optimise their incident prevention and resolution capabilities. 

Taking steps such as investing in an incident response plan, implementing AI, automation, and zero-trust is key for decreasing the costs of security incidents in the future and for avoiding the devastation associated with lost business and reputational damage. 
