According to an IBM study, the “vast majority” of organizations today are unprepared to respond effectively to a serious security incident. Most often, this is due to chronic resource issues and inadequate planning.

  • In 2019, it took organizations an average of 206 days to identify a data breach and another 73 days to contain it, a nearly 5% increase over the year before.
  • The total average cost of a data breach for the largest organizations was $5.11 million (about $204 per employee). For smaller organizations, the average was $2.65 million (about $3,533 per employee). The higher proportional costs for smaller firms can “hamper their ability to recover financially from the incident”.
  • Less than a quarter of those surveyed have a cybersecurity incident response plan (CSIRP) that is applied consistently across the entire enterprise. Another 49% say they either don’t have a CSIRP at all or that their CSIRP is informal or “ad hoc”.
  • Of those organizations that do have CSIRPs, more than half fail to test and maintain them on a regular basis due to ongoing team staffing issues.

Business Challenge

There is no quick fix to resolve these challenges. The acute global shortage of experienced cybersecurity talent shows no signs of abating. Overstressed security workers contending with alert fatigue struggle to keep systems patched and updated, leaving organizations vulnerable to attacks that could otherwise be easily prevented. Attempts to close gaps by adding security layers can result in a defense infrastructure that is overly complex and difficult to manage. Meanwhile, threat actors continue to innovate, developing tactics, techniques, and procedures (TTPs) designed explicitly to evade legacy signature-based defenses by obfuscating malicious code, utilizing polymorphism, or exploiting dozens of other techniques.

BlackBerry Security Services Approach To Incident Response

Every BlackBerry Security Services Incident Response (IR) engagement proceeds through five distinct phases that fully leverage BlackBerry AI technology and the expertise of its global IR teams. These five phases run concurrently, enabling dynamic, rapid responses to evolving incidents and shortening the critical path to containment.

During the kickoff meeting, the BlackBerry and client IR teams align to scope the engagement, review the initial indicators of compromise (IOCs), and develop a project plan and preliminary timeline. At the conclusion of the meeting, the following will have been established:

  • How the attack was initially detected
  • The data that’s been collected 
  • A preliminary threat profile 
  • Actions taken so far to mitigate the damage 
  • The client’s project priorities and goals

Expected Business Benefits

The BlackBerry Security Services multi-faceted approach to IR offers clients several direct benefits.

  • Rapid Detection: By integrating artificial intelligence (AI) into their tools and processes, BlackBerry IR teams produce preliminary results quickly. Detection and containment of ransomware and APTs can begin within hours of completing data collection. 
  • Rapid Response: The wait time for a mid-tier provider or large consulting firm to respond to a breach can stretch into weeks, allowing damage to spread and driving up the costs of recovery and cleanup. BlackBerry Security Services IR experts are available at a moment’s notice to deliver consistent, best-in-class services. 
  • Rapid Remediation: As soon as BlackBerry Protect is activated in autoquarantine mode, malware will be prevented from executing on infected systems and spreading laterally across the network. BlackBerry Optics can then initiate a sequence of automated remediation responses that efficiently neutralize the threat and help clean up the environment.

To read more, download the full whitepaper:
The 5 Phases of Incident Response