Lack of Cyber Security Personnel Makes Incident Response a Struggle

24/08/2020 14:13:16


Cue the violins – the global cyber security skill shortage is widely publicized and even more widely felt in every industry, and never more than now, in the midst of a global pandemic. How the pandemic will affect the overall availability of cyber security professionals is anyone’s guess, but if we had issues before COVID, we are certain to see increased issues as it ends.

76% of organizations saw the writing on the wall, reporting data security as a top priority for 2020, but due to hiring freezes and uncertain futures, many organizations are making do without new IT talent on the payroll. According to Varonis, a mind-bending 3.5 million cybersecurity positions will be unfilled by 2021, with the most in-demand positions being IT security and information security analysts, and network security, security and application security engineers.

In 2018 the average digital ransom demanded per incident was around $4000 USD, with a steady rise to over $8000 in 2020. This is far from the only cost. The downtime caused by ransomware, as we’ve seen recently with Garmin and Travelex, costs an average of $283,800 per incident. Add to this non-compliance fines, loss of customer business and confidence, and the cost of recovery; combined, these are a potential kiss of death for even the largest and most well-established business. A recent IBM report of 2,400 security and IT professionals found that 68% believed that their company was ill-prepared to survive a cyberattack.

Emphasis should now be on speed of detection and response, and for speed, you need experience and expertise. How long does it take ransomware to encrypt your files once it has established a foothold? 3 seconds.

The best-protected companies employ a full-time, highly skilled Incident Response (IR) team, tasked with proactive defense of the network and immediate mitigation and defense actions in the event of an attack.

Ponemon reports even more troubling incident response statistics including: 
• 75% of respondents do not have a formal cyber security IR plan
• 52% of respondents have neglected to review or update their IR plan after deployment 
• 23% of respondents have no IR plan at all
• Only 14% test their IR plans more than once per year

When do I need an IR plan, you may ask?  
You need one before an incident occurs. 

Why do I need an IR plan? 
An IR plan is far more than a guideline to follow in the event of an incident. IR plans establish clear testing and analysis features to find vulnerabilities before they can be exploited, quickly mitigate damage in the event of an attack, and follow up to determine the best course of action to avoid falling victim to similar attacks in the future. Chris Morales, Head of Security Analytics at Vectra says of IR, “With a successful incident response program, damage can be mitigated or avoided altogether. Enterprise architecture and systems engineering must be based on the assumption that systems or components have either been compromised or contain undiscovered vulnerabilities that could lead to undetected compromises. Additionally, missions and business functions must continue to operate in the presence of compromise.”

Small or medium-sized companies must deploy an IR plan that is regularly maintained and designates experts with certain responsibilities in the event of an attack – and a staff capable of executing response procedures quickly and skilfully is certainly required. Large organizations require IR protection beyond an established and regularly maintained IR plan, with more threat intelligence and proactive threat-hunting and IR capabilities.

Why Sangfor? 
With hiring freezes and a global shortage of cyber security personnel capable of responding to increasingly sophisticated threats, where should organizations look for their much-needed IR services? Look no further. Sangfor IR services provide this vital protection to their customers with the added convenience of tiered packages designed to work for every enterprise, vertical, size and budget. In the event of an attack, Sangfor IR starts with a security assessment which will inevitably locate the virus, which can then be contained. After identification of the ransomware family, which determines what steps need to be taken to stop the attack, Sangfor IR professionals trace and block the attack source and reinforce network defences to mitigate the risk of further attack.

Smaller enterprises can choose between the Essential or Standard IR Packages, which provide simple security incident assistance and reports or even further vulnerability assessment and remediation assistance before an attack occurs. 

For larger enterprises, Sangfor provides their Premium IR Package designed to go beyond response to prevention. 4 times per year, Sangfor will perform an assessment of your organization’s network security and vulnerabilities, providing vulnerability assessment reports and firewall ruleset policy review reports yearly. This service eliminates the need for full-time, highly paid and underrepresented cyber security professionals and offers much-needed proactive protection.

For more information on Sangfor IR Packages and how they can protect your organization from the ever-growing cyber threat, contact a local Sangfor representative today or visit our website at www.sangfor.com.

If you believe you’ve been attacked by ransomware, it’s not too late. Contact Sangfor today for immediate IR services. 

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable. 

COPYRIGHT © 2000-2020 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.