Building the Momentum: Taking Action Towards Proactive Incident Response

Posted by Justin Rowe on 7/6/16 1:08 PM

Taking Action Towards Proactive Incident Response

To continue the IT Security Breach Trends conversation beyond our webinar discussion with my CenturyLink colleagues Tim Kelleher and Darnell Fatigati: all team members in an organization must make a habit of ensuring that proactive processes are planned, documented and executed across the IT and information security spectrum. Lessons can be learned, and metrics put to real use, through continued research and analysis of the IT security studies that are consistently being released. As mentioned during the webinar, even the smallest use case implementing proactive incident detection and response can lead an organization in the right direction, especially with advanced persistent threats (APTs) continuously evolving. Expanding upon the first blog on this topic, enabling true innovation within and beyond the people, process and technology paradigm will allow organizations to stay at the forefront of the threats and actors that could negatively impact them.

The Evolving Technology Around Us

In advanced technology, for example, we already have to look beyond our everyday desktop computers, as new threats are reaching mobile devices and the Internet of Things. New exploits for devices that run the iOS and Android operating systems are continuously being identified, analyzed and communicated. Per Symantec’s Internet Security Threat Report for 2016, “71 percent more apps were analyzed in 2015 from 2014 and more than three times as many (230 percent) more were classified as malicious. Out of the 10.8 million apps analyzed, 3.3 million were classified as Malware.” As organizational cultures shift towards more workers performing their day-to-day jobs remotely, continuous and proper attention to the devices they use is imperative. Beyond using Mobile Device Management and Mobile Application Management programs, IT teams must continue to communicate new vulnerabilities and threats around the use of mobile devices to employees across the enterprise, along with what actions to take above and beyond notification.

According to a press release distributed in 2015, “Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, and will reach 20.8 billion by 2020.” Like mobile devices, which may house critical organizational data and intellectual property, devices falling under the Internet of Things (IoT) category must be given the same proactive due diligence within IT security preparedness and response. The flexibility and usability of IoT devices increase the scope of actions required to maintain a proactive IT security posture. Referencing Gartner’s Adaptive Security Architecture framework of Predict, Prevent, Detect and Respond, users of these connected devices must act as IT security sentinels, ensuring organizational data and devices are protected from APTs.

The Future of IT Security From the Gartner Security and Risk Management Summit

Prior to our webinar last week, both Tim and Darnell had the opportunity to attend the Gartner Security and Risk Management Summit that took place June 13th-16th. Tim compiled his insights from the summit in a published article, connecting some of his points to our recent webinar. Below is an excerpt from the article.

“If you were anywhere near Gartner’s Security and Risk Management Summit this past week, the message couldn’t be stated more clearly: The world is a dangerous place, and major security breaches are becoming more common every day. The trick is not just preventing attacks, but building strategies to avoid future incidents while aligning for threats already lurking within the organization.

The economic digital transformation could wreak havoc on IT security. According to Gartner Group, greater than 25 percent of all enterprise IT attacks in 2020 will be associated with IoT. The surge of connected devices creates a new hacker landscape. This dynamic also reinforces the need for what Gartner dubs its “Adaptive Security Architecture: Predict, Prevent, Detect, Respond”. 

Attacks come from all angles, and simple protection just isn’t enough. Some threats have already made their way into the infrastructure, just waiting to act at the right time. Gartner suggests a “layered” approach to IT protection, beginning with risk assessment via predictive analytics and up-front prevention – followed by comprehensive detection and response. And each phase must be achieved holistically.”

So, How Are We Doing?

As organizations drive the importance of proactive preparedness, detection and response, the demand for metrics and reporting is something we cannot expect to go away. To sustain this proactive environment, IT security metrics from throughout the enterprise must be reviewed and analyzed to enable continuous improvement and to find new gaps and opportunities. Through a developed culture of proactive IT security practices, team members from across the enterprise can participate by providing feedback and constructive criticism on their roles and the performance of the program. With qualitative metrics from this feedback and quantitative feedback from the output of processes and technology, organizational leadership can champion their IT security programs through improved and optimized decision-making, above and beyond just seeing the financial ROI.

Defining the results realized and communicating process and technology improvements are just a couple of additional steps within the metrics analysis that enable proactive IT security innovation and creativity to take place. Leaders can draw on the enterprise to work on simple problems for which no solution has yet been identified or action taken. Through an emphasized crowdsourcing initiative, employees can take part in supporting their company by driving proactive solutions around IT security. Organizations can foster this empowerment by requesting feedback in areas where metrics might not have been gathered, so that even the smallest of problems can be identified.

