Three ways to build a rapid-response culture in cybersecurity teams


The phrase “need for speed” might sound like a catchy one-liner from a Hollywood blockbuster. However, when it comes to information security, these are words to live by. Consider this vital fact: malware permeates organizations with lightning speed and frequently causes millions of dollars of damage in a relatively short period of time. Because of this, cybersecurity teams should be able to respond speedily when threats happen.

Growing your team from an average state into one with a rapid-response mindset requires a few key elements:

First, there has to be a modular structure. This means that teams need a set response format to work with. This structure should evolve, adding processes or other needed components, as a team’s obligations in cybersecurity change. As Bob Carver, CISSP, CISM, MS, says in a 2017 article, “Cybersecurity: The Need for SPEED”: “You don’t want to be one of those organizations that gets notified of a compromise by law enforcement before your security teams are aware of the situation.”

The second element in maintaining a rapid-response culture is situational awareness. Is the cybersecurity team “in-the-know” regarding where to find their tools? What type of response to take, whom to contact, when to act and, most importantly, how to execute the response are all questions that should be answered before operating in a production environment.

Steve Fox, CEO of Security Pursuit, writes: “Staff who are able to apply situational awareness methodologies are better able to assess current vulnerabilities and determine the need for action.” Also, according to Fox, the agility of maintaining situational awareness allows organizations to eliminate vulnerabilities before they cause damage.

Third, encourage drills to promote team agility. Even with cutting-edge skill sets and available resources, response time can still falter if both components are not used frequently. By “going through the motions” of regularly responding to simulated threats, a team can build the physical and mental bite that lessens the chance of mistakes during the execution of an actual incident response. Cybersecurity stakeholders will discover that this practice in fact leaves information ingrained deeper within a team’s psyche, at both the individual and collaborative level.

Accelerated response in cybersecurity is a learned practice. However, once a rapid-response culture is developed, rapid response becomes natural and can increasingly match the hostile landscape created by malicious actors.

Chuka R. Okonkwo, B.Sc, CCNA, Security+, is a cybersecurity analyst (strategic accounts) at DXC.
