Security

07:25 AM
Colin McKinty, BAE Systems Detica
Commentary

Squeezing Your Cyber Response Curve

Financial firms must be more efficient in detecting and responding to cyber threats.

Prominent organizations are favorite targets of cyber attacks. For instance, many U.S. banks have already been high-profile victims. But it is just the tip of the iceberg. As the world becomes ever more connected, cyber threats are rapidly escalating into a major issue for many organizations across different industry sectors, including the financial services industry.

According to a recently released report (PDF) from the Ponemon Institute, U.S. organizations have the dubious honor of ranking first worldwide with the average data security breach costing $5.4 million. Healthcare, financial, and pharmaceutical industries had higher than average costs coming in at $6.7 million, $6.2 million, and $6 million per incident, respectively.

Cyber threats need to be managed as an ongoing business risk on Wall Street and Main Street, on the basis that countering a determined, well-resourced and innovative attacker requires a well-resourced and innovative response.

What Is The Cyber Response Curve?
While working with commercial and government organizations, BAE Systems Detica has seen a multiplication of highly sophisticated attacks. The cyber response-curve is a concept we have designed to evaluate an organization's readiness to respond to cyber threats and to show how it could improve its response, based on three factors: the time between the start of an attack and its detection; the level of compromise; and how long it takes to make an informed decision. It is premised on our observations over the last few years of how different organizations have responded to targeted attacks.

The cyber response-curve maps out three critical elements of a response:

[Figure: Cyber Response Curve]

1. Time between the initiation of an attack and detection.
2. Level of understanding of the extent of compromise of the victim during the attack.
3. Time it takes for the level of understanding to reach the point needed to make an informed decision.

Legacy Response
Below are some of our observations about how different levels of maturity and different approaches can affect your cyber response-curve:
1. Time to detect: 18 months
2. Level of understanding: Poor, since network architectures are not well understood and the business impact of an attack is not considered
3. Time to informed decision: Weeks to months

The standard legacy systems used by most organizations are not keeping pace with the evolving threat landscape. Many companies only become aware of an advanced attack when they are notified by a government agency or another third party.

When investigating such an incident, the technical specialists must split their time across the numerous tools, collecting small pieces of information from each and manually piecing together the details of an attack.

Organizations operating in this manner often respond too quickly before building a good enough understanding. This can cause the attacker to increase their level of activity, while accidentally putting the investigating team back to the start of the response curve. The business exposure actually goes up, not down, as a result of their actions.

Efficient Investigation
Equipping a technical team with solutions powered by the right technology dramatically compresses the cyber response-curve, both in terms of the time to detect and the rate of understanding.

The full benefit to the technical team is realized by bringing together disparate data sources, linking and enriching entities with open- and closed-source information, pre-computing frequently asked questions and sharing collective knowledge.

Business 'Aware' Decision Making
Bridging the business world with that of the technical team in the security operations center, and giving them a common language and tools, allows teams not only to squeeze their cyber response-curve but also to significantly raise their level of understanding by considering more than just the technical details of an attack.

We see this as an evolution of today's security operations center rather than a transformation. Done correctly, these benefits can be delivered to existing operational teams rather than requiring the hiring of PhDs and can unleash the value of existing tool investments rather than requiring the wholesale replacement of technology.

What You Can Do Today
The more preparation you do to be able to squeeze the cyber response-curve, the better able you are to deal with an attack. In summary:

  • Understand the threats to your business and identify the techniques you will need to detect them reliably and promptly
  • Collect, collate and store as much relevant data as is affordable in advance of an attack to enable you to reach the right level of understanding to respond effectively
  • Have people, processes, tools and partners ready to allow you to efficiently detect, investigate and respond to attacks
  • Understand the business context and business impact of a potential attack, and educate your executive board so that they can make informed decisions.

Are you ready to squeeze your cyber response-curve?

About The Author:
Colin McKinty leads BAE Systems Detica's cyber business in the Americas. Colin joined Detica in 2001 having completed his PhD at the University of Surrey (UK). In his early career Colin led various information exploitation projects in the UK and US. He went on to run Detica's federal business in the US before taking on his current position in 2012.
