I dislike cliches. I suspect I’m not alone in that, but the truth is I’m guilty of using them on occasion — and I’m probably not alone in that, either.

I was reading a tongue-in-cheek article the other day about the worst clichés in the business world. As you might imagine, some of the usual culprits were there: ideate (is that even a word?), influencer (code for someone who likes the sound of their own voice?) and snackable content (I’d rather have potato chips, thank you).

But there was one word on there that I was surprised to see — and I disagreed with its place on the list: partner.

Much of the reason, I suspect, that I took issue was because I lead the X-Force Incident Response team. I know that when it comes to cyberattacks, even the most well-staffed security team needs a trusted partner. Not just when the attack hits, but before. At the planning stage, creating and rehearsing the playbooks and finding the vulnerabilities before the criminals do. That’s when a partner matters most.

If nothing else, the events over the past 24 months have shown us that having a trusted partner is more important than ever. The number of annual ransomware incidents my team remediates has been on a steady climb: 20% growth in 2019, 23% in 2020, and, most likely, a higher percentage in 2021.

Adding to that, this year the U.S. administration issued an executive order designed to improve the nation’s cybersecurity. While details are still being developed, it’s pretty clear there are sweeping changes ahead — and they will likely have a global ripple effect.

Choosing the right trusted partner in a complex labyrinth of global disruption, government mandates and increasingly aggressive and sophisticated threat actors can seem overwhelming. The good news is IDC may have done much of the footwork for you. IDC recently released the IDC MarketScape: Worldwide Incident Readiness Services 2021 Vendor Assessment, which evaluates vendors and positions them as a leader or a major player in incident readiness.

There are five important attributes and vendor capabilities that IBM feels can help make a trusted partner for organizations. Those attributes are:

1. Employee Strategy

Diversity. Organizations should evaluate vendors that can deliver a comprehensive readiness and incident response (IR) approach. From boots on the ground incident responders, to thought leaders who can develop exceptional educational content and front-of-room trainers who can deliver believable immersive experiences; The vendor should have experts who have experienced cyberattacks in many situations, so they know what to include in your organization’s plans, playbooks and training guides — and how to respond during a live incident.

2. Portfolio

Bespoke. When it comes to incident preparedness, off-the-shelf is insufficient. Every organization has a unique structure and strategy, and a different set of data that is critical to their operation. A meatpacking plant is going to need a different plan than a medical center — and your plans need to reflect those needs. The portfolio offering should be varied and tailored to your specific requirements.

3. Delivery

Education. The incident readiness delivery team must be match-fit professionals working on the latest breaches, attending the best industry training courses, and must hold up-to-date certifications. The team should regularly attend personal incident readiness and incident response training to better understand and appraise the experience they are delivering. The preparation and education of your organization’s staff should include all business stakeholders, including IT, Security Leads, Legal, Communications/PR, HR and C-level executives.

4. Functionality

Industry Knowledge. Whether you are preparing policy, training your staff, or testing your services; the incident readiness provider you evaluate should be knowledgeable of your industry. They need to have research capabilities that can keep them ahead of the threat actors’ tactics and techniques. With procedures and the flexibility in place to offer their services to you match the layout of your organization.

5. Pricing

Flexibility. Pricing should be both flexible and affordable. Your incident readiness services provider should offer a roadmap of services to you with its long-term pricing upfront including the option to purchase in one transaction or spread your payments over several years if necessary (depending on how long the roadmap is). This roadmap should ideally include a retainer that provides proactive services that covers planning, preparing and exercising your response.

Ultimately, you need to choose a partner that you trust — hence the phrase “trusted partner.” Do it now, before an attack happens so you don’t end up choosing the first one that comes along. Take the time to choose the right one.

IBM was named as a leader in the IDC MarketScape because we offer a fast delivery of services at a low cost, with high value, and a vast portfolio of IR capabilities to help organizations build cyber resilience. These are qualities that matter in a trusted partner when it counts most.

In the cybersecurity world, I don’t think the term “partner” is a business cliché at all. I think it’s an absolute necessity.

Download the IDC MarketScape for Worldwide Incident Readiness Services 2021 report excerpt to find out how your organization can improve its incident readiness, register for our webinar Building Cybersecurity Muscle Memory for Effective Incident Response and learn more about IBM Security X-Force.

More from Incident Response

How I got started: Incident responder

3 min read - As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role?With our How I Got Started series, we learn from experts in their field and find out how they got started and what advice they have for anyone looking to get into the field.In this Q&A, we spoke with IBM’s own Dave Bales, co-lead X-Force Incident Command…

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

How CIRCIA is changing crisis communication

3 min read - Read the previous article in this series, PR vs cybersecurity teams: Handling disagreements in a crisis. When the Colonial Pipeline attack happened a few years ago, widespread panic and long lines at the gas pump were the result — partly due to a lack of reliable information. The attack raised the alarm about serious threats to critical infrastructure and what could happen in the aftermath. In response to this and other high-profile cyberattacks, Congress passed the Cyber Incident Reporting for Critical…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today