Three ways to build a rapid-response culture in cybersecurity teams

The phrase “need for speed” might sound like a catchy one-liner from a Hollywood blockbuster. However, when it comes to information security, these are words to live by. Consider this vital fact: Malware permeates organizations with lightning speed and frequently causes millions of dollars of damage in a relatively short period of time. Because of this, cybersecurity teams should be able to respond speedily when threats happen.

Growing your team from an average state into one with a rapid-response mindset requires a few key elements:

First, there has to be a modular structure. This means that teams need a set response format to work with. This structure should evolve, adding processes or other needed components, as a team’s obligations in cybersecurity change. As Bob Carver, CISSP, CISM, MS, says in a 2017 article, Cybersecurity: The Need for SPEED: “You don’t want to be one of those organizations that gets notified of a compromise by law enforcement before your security teams are aware of the situation.”

The second element of maintaining a rapid-response culture is situational awareness. Is the cybersecurity team “in the know” regarding where to find their tools? What type of response to take, who to contact, when to act and, most importantly, how to execute the response are all questions that should be answered before operating in a production environment.

Steve Fox, CEO of Security Pursuit, writes: “Staff who are able to apply situational awareness methodologies are better able to assess current vulnerabilities and determine the need for action.” Also, according to Fox, the agility of maintaining situational awareness allows organizations to eliminate vulnerabilities before they cause damage.

Third, encourage drills to promote team agility. Even with cutting-edge skill sets and available resources, response time can still falter if both components are not used frequently. By “going through the motions” of regularly responding to simulated threats, a team can build the physical and mental bite that lessens the chance of mistakes during the execution of an actual incident response. Cybersecurity stakeholders will discover that this practice, in fact, leaves information ingrained deeper within a team’s psyche, at both the individual and the collaborative level.

Accelerated response in cybersecurity is a learned practice. However, once such a culture is developed, rapid response becomes natural and can increasingly match the hostile landscape created by malicious actors.


Chuka R. Okonkwo, B.Sc, CCNA, Security+, is a cybersecurity analyst (strategic accounts) at DXC.
