The average cost of a data breach is approximately $3.6 million according to research from the Ponemon Institute and IBM. As illustrated by the ransomware intrusion that crippled Atlanta’s municipal operations earlier this year, the bulk of the cost tends to be in incident response. And if that isn’t reason enough to take incident response seriously, maybe this is: A strong incident response team can reduce the cost of a breach by as much as $14 per compromised record.
Incident response, when treated like an afterthought, is extremely expensive. Treating it like a continuous process, on the other hand, is more cost-effective and can yield significant long-term savings.
Taking Appropriate Measures for the Appropriate Threat
A recent scheme that plays on organizations’ fear of WannaCry malware is a good example of the risk introduced by the absence of an incident response team. WannaCry is a prolific strain of ransomware that cost the global economy approximately $8 billion in 2017. Many of its victims were hospitals and other healthcare facilities. Now, more than a year later, fraudsters are emailing hospitals with threats of a WannaCry intrusion if a bitcoin ransom is not paid preemptively.
The good news is that this is a scam; these fraudsters lack the means to infect an organization with ransomware and are merely attempting to scare organizations into paying. The bad news, though, is that not every organization knows this, and many might be willing to fork over $650 under the false pretense that it will save them many thousands of dollars down the road. Of course, paying out on an empty threat won’t prevent a future intrusion.
In this case, then, the appropriate measure is to do nothing. An incident responder would know as much within 30 seconds of looking at the email, immediately saving $650 and a whole lot of anxiety.
How to Staff a Team of Incident Responders If You’re a Small Business
The one-word answer to this question may surprise you: “Don’t.”
Incident responders, like other security experts, are often prohibitively expensive for small and midsize enterprises (SMEs). A much more cost-effective approach to incident response is to partner with a managed security operations center (SOC) provider. In this SOC-as-a-service model, a full team of security analysts aggregates network events from your various security tools as well as your business and cloud applications and continuously analyzes that data to detect threats in real time. The moment a threat is discovered, incident responders take the appropriate steps to contain, remediate and recover from the incident.