
PodChats for FutureCISO: Futureproofing your Enterprise Incident Response in 2022

by Allan Tan
April 12, 2022

Incident response is an organised approach to addressing and managing the aftermath of a security breach or cyberattack. It is sometimes referred to as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

It can be argued that the dramatic increase in cyberattacks in recent years, the variety, notoriety, and the severity of impacts warrant a revisit of incident response strategies and technologies.

According to a report by Red Canary, 49% of organisations surveyed are not equipped to meet cybersecurity challenges, while 54% are wasting valuable time investigating low-level alerts and slowing down the incident response process.

Pei Yuen Wong

Framing the dialogue with FutureCISO around cyber security, Pei Yuen Wong, CTO of IBM Security, ASEANZK, defines Enterprise Incident Response (EIR) in three parts. First is the ability to detect an incident amidst all the legitimate activity happening on the attack surface. Second is having the right level of skills, effective processes and appropriate technologies to investigate, piecing together what is actually happening and which systems are affected. Third is being sufficiently capable of taking the necessary steps to eradicate the threat and contain the damage, if any.

He added that depending on the severity of the incident, leaders of the enterprise should also be prepared to form a crisis management team that also includes legal, communications, regulatory affairs, and other relevant experts to deal with questions and issues that may arise from the media, regulators, and the public, because of the incident.

“All these are essential to an effective EIR capability that any enterprise in the digital age today needs to have to be resilient against rapidly evolving cyber threats and continue to function as a business in the event of any incident big or small,” he continued.

COVID-19’s impact on EIR

According to Wong, the acceleration of digital transformation since 2020 has had a profound impact on EIR. He noted that the onboarding of more technologies implies more vulnerabilities inviting more attempts by threat actors to exploit these.

“Threat actors have also shifted the profiles of their targets, as they now find certain geographies and industries more lucrative and rewarding compared to before. Health and safety management measures due to the pandemic itself have also resulted in the need for Enterprise Incident Response processes to be updated,” he opined.

A need to update EIR

Wong believed that, against the backdrop of increased threat activity, detection accuracy needs to improve manyfold so that incident responders can give adequate attention to real incidents instead of dealing with false positives, which many enterprises unfortunately still have to contend with.

“Response and recovery plans also need to be updated for consistency that considers the diverse nature and rapidly growing footprint of business-IT systems in the enterprise, and to ensure that IR scenario planning and recovery processes are sufficiently robust and comprehensive,” he suggested.

He also posited the need to leverage automation in incident response using cyber security technologies such as Security Orchestration, Automation, and Response (SOAR) platforms.

Where security teams should focus

Wong acknowledged that there is no one organisational model that fits all organisations. What is important, he commented, is that when a crisis is declared (as in an attack), the people in the room must be empowered to take steps immediately.

“For enterprises to be resilient and do well in the event of a cyber incident or crisis, it is, therefore, crucial that a good governance framework is drawn up that clearly defines who is accountable for cyber security under what circumstances, what decision making mandates this person or committee has during a crisis, and so on,” he proposed.

Composition of a post-COVID CSIRP

Gartner noted that in 2021, 10% of breaches involved ransomware, a number expected to rise in 2022, which means that all security and risk management leaders must prepare. "The key tools are a documented response plan and a detailed playbook for the incident type to allow the leader to act fast," noted the analyst.

According to Wong, the essential elements of a cyber security incident response plan (CSIRP) remain by and large the same even post-COVID, namely (1) preparation; (2) detection & analysis; (3) containment, eradication & recovery; and (4) post-incident review.

Blind spots of EIR and CSIRP

Wong concedes that on paper, most enterprises have documented incident response plans, as compliance or audit policies would typically require organizations to have an IR plan in place.

In practice, many incident response personnel do not refer to the IR plans after they have been created and instead rely on the individual’s experience and expertise to respond to an incident when one arises. This results in inconsistent responses even when two incidents are similar.

He suggested that enterprises encode the incident response plans into automated, repeatable playbooks using security automation platforms. He also cited recovery strategies as another weakness.

He suggested conducting real exercises to verify recovery systems and processes in the response and recovery plan where possible, not just tabletop exercises.

Critical issues for CISOs

For leaders in the enterprise, there are many issues to consider in establishing and maintaining a robust Enterprise Incident Response plan.

“I would summarise these into a few key points: build the right team, practice is key, speed to decision-making is critical, and negotiate external resources in advance,” he concluded.

Click on the PodChat player to listen to Wong’s detailed strategies for futureproofing enterprise incident response strategies.

  1. What is Enterprise Incident Response (EIR)?
  2. How has it changed (or not) between 2020 and today?
  3. Given the increased cyber threats, should enterprise incident response strategies be updated to reflect this new reality?
  4. In light of this, should a new team be created to focus squarely on cyber risks or would updating the overall EIR be sufficient?
  5. What should be the composition of a post-COVID CSIRP?
  6. In general, where are the blind spots of many EIRs or CSIRPs?
  7. What do you see will be critical issues that CISOs and leadership must tackle to ensure the organisation’s EIR/CSIRP are ready and able to stand up to the challenges ahead?
Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl