A Weekend in Incident Response #23: Lengthy Cyber Attack Recovery Periods Lead to Creation of “Mean Blind Spots”, Increasing Risk of Future Attacks on Organizations, Study Shows

The greatest challenge for every organization that deals with cyber security threats is how to reduce its reaction time when responding to an incident and recover as soon as possible in order to minimize the consequences and contain the damage.

A new study that was recently published by the University of Portsmouth states that the fact that it takes a long time for organizations to recover from an incident makes them that much more vulnerable to future attacks soon thereafter. The study was conducted by researchers with the University of Portsmouth’s School of Computing, who have found that many organizations across different industries are faced with a serious issue threatening their cyber security, caused by long recovery times from cyber attacks and data breaches they had already suffered. The researchers call the recovery time between two cyber attacks increases an organization’s susceptibility to more attacks, dubbing that period “mean blind spot”.

After analyzing the VERIS Community Database – a dataset of cyber incident reports collected through various information sharing initiatives, researchers found that organizations often take days to recover from an attack, rather than hours, which increases the risk of getting breached between attacks. This suggests that reducing reaction times when responding to an incident can play an important role in preventing future cyber attacks.

Available Solutions for Reducing Reaction Times

The results of the University of Portsmouth’s study unequivocally point to the need for organizations to adopt a solution that would allow them to recover from cyber attacks much faster than today’s current speeds. Considering that there are a lot of actions that should be taken simultaneously by cyber security teams after their organization is breached, as they try to resolve the incident, a solution that would take care of some of those actions for them would be of great help to them and would accelerate the recovery process.

There are various solutions that can provide this type of help, and automation-and-orchestration cyber incident response platforms are what cyber security professionals need in their efforts for resolving incidents quickly and effectively. Those types of platforms allow you to execute a previously devised incident response plan in the most effective manner and save precious time while working on recovery.

One capability that these platforms provide that can be crucial for the mitigation of the problem at hand, is the fact that they allow you to analyze and respond to incidents in real time. They can automatically perform time-consuming tasks such as analysis of the reasons and origin of an incident, allowing you to quickly figure out where an attack is originating from and understand the methods and channels that were used by the attackers. Through automated playbooks, an incident response platform helps cyber security teams to prioritize their response, providing them with the key risk indicators so that they will know the current status of an incident and react accordingly.

Also, these platforms have the capability to create automated incident reports, run predictive analysis, and collect digital evidence for forensics purposes, which reduces reaction times even further.

In summation, the “mean blind spot” issue pointed out by the University of Portsmouth study could be best addressed by organizations by employing an incident response platform that is capable of automating some of the key processes that are part of a typical incident response plan.