News

Cybersecurity Incident Responders Help 'Rebuild Trust' After Attack

• By David Ramel
• 03/29/2022

In choosing a cybersecurity incident response service, organizations should look for vendors with a long-tail approach to helping the victim in "rebuilding trust" by restoring brand and reputation, says a new research report.

That finding comes in the "Forrester Wave: Cybersecurity Incident Response Services, Q1 2022" report from Forrester Research, which examined 13 cybersecurity incident response services (CIRS) providers to produce guidance to help organizations make their choice.

The firm noted that 2021 data indicates 63 percent of respondents -- global security decision-makers -- reported suffering at least one breach in the past year. In the firm's last such report, in early 2019, that number was only 50 percent.

The report comes at a time when organizations are faced with tons of guidance from vendors, experts, pundits and federal agencies on ways to harden their systems to avoid ransomware, while wrestling with cyber insurance carriers who are jacking up premiums, dropping clients and looking for any fine-print excuse to avoid payouts. And that's in the more initial stages of incidents that could have negative effects long after, for which organizations might need extended provider services.

"Initiating incident response actions is often just the beginning of a protracted effort to rebuild brand and reputation," Forrester said in the report. "The work of rebuilding trust -- with customers, employees, partners, insurers and regulators -- begins in earnest after an organization recovers operations post-breach."

Taking all that into account, Forrester advises organizations to look for CIRS providers who:

• Prepare you for the worst and keep you insured in the process
• Truly understand the legal and regulatory landscape
• Support the long tail of incident response

In the trademarked Forrester Wave approach -- with vendors plotted on strength axes for current offerings and strategies, weighed by market presence and grouped into categories -- the breakdown is:

• Leaders: Deloitte, Mandiant, CrowdStrike, Stroz Friedberg
• Strong Performers: Kroll, Booz Allen Hamilton, PwC, Palo Alto Networks, Secureworks
• Contenders: IBM, Cisco, Verizon
• Challengers: Trustwave

Regarding the need for long-tail support, Forrester said: "Your incident response services provider should provide support to your organization as you rebuild your business and your brand. This may include in-house communications specialists, environment recovery pros, or customer support call center creators. Many providers offer ongoing relationships that include managed detection and response (MDR) services to ensure the attacker doesn't regain entry. Other firms may assist with gaining executive buy-in for and the execution of efforts to improve overall security posture. Select a CIRS provider that has longer-term support capabilities and services best aligned to your reputational recovery needs and your program's maturity gaps."

The report -- typically available for free from participating vendors -- is meant to be a starting point for an evaluation process, the firm emphasized.