“Trusted Partner” in Cybersecurity: Cliché or Necessity?

December 2, 2021

I dislike clichés. I suspect I’m not alone in that, but the truth is I’m guilty of using them on occasion — and I’m probably not alone in that, either.

I was reading a tongue-in-cheek article the other day about the worst clichés in the business world. As you might imagine, some of the usual culprits were there: ideate (is that even a word?), influencer (code for someone who likes the sound of their own voice?) and snackable content (I’d rather have potato chips, thank you).

But there was one word on there that I was surprised to see — and I disagreed with its place on the list: partner.

I suspect much of the reason I took issue is that I lead the X-Force Incident Response team. I know that when it comes to cyberattacks, even the most well-staffed security team needs a trusted partner. Not just when the attack hits, but before: at the planning stage, creating and rehearsing the playbooks and finding the vulnerabilities before the criminals do. That’s when a partner matters most.

If nothing else, the events over the past 24 months have shown us that having a trusted partner is more important than ever. The number of annual ransomware incidents my team remediates has been on a steady climb: 20% growth in 2019, 23% in 2020, and, most likely, a higher percentage in 2021.

Adding to that, this year the U.S. administration issued an executive order designed to improve the nation’s cybersecurity. While details are still being developed, it’s pretty clear there are sweeping changes ahead — and they will likely have a global ripple effect.

Choosing the right trusted partner in a complex labyrinth of global disruption, government mandates and increasingly aggressive and sophisticated threat actors can seem overwhelming. The good news is IDC may have done much of the footwork for you. IDC recently released the IDC MarketScape: Worldwide Incident Readiness Services 2021 Vendor Assessment, which evaluates vendors and positions them as a leader or a major player in incident readiness.

There are five important attributes and vendor capabilities that IBM feels can help make a trusted partner for organizations. Those attributes are:

1. Employee Strategy

Diversity. Organizations should evaluate vendors that can deliver a comprehensive readiness and incident response (IR) approach. From boots-on-the-ground incident responders to thought leaders who can develop exceptional educational content and front-of-room trainers who can deliver believable immersive experiences, the vendor should have experts who have experienced cyberattacks in many situations, so they know what to include in your organization’s plans, playbooks and training guides — and how to respond during a live incident.

2. Portfolio

Bespoke. When it comes to incident preparedness, off-the-shelf is insufficient. Every organization has a unique structure and strategy, and a different set of data that is critical to their operation. A meatpacking plant is going to need a different plan than a medical center — and your plans need to reflect those needs. The portfolio offering should be varied and tailored to your specific requirements.

3. Delivery

Education. The incident readiness delivery team must be match-fit professionals working on the latest breaches, attending the best industry training courses, and must hold up-to-date certifications. The team should regularly attend personal incident readiness and incident response training to better understand and appraise the experience they are delivering. The preparation and education of your organization’s staff should include all business stakeholders, including IT, Security Leads, Legal, Communications/PR, HR and C-level executives.

4. Functionality

Industry Knowledge. Whether you are preparing policy, training your staff or testing your services, the incident readiness provider you evaluate should be knowledgeable about your industry. They need research capabilities that can keep them ahead of the threat actors’ tactics and techniques, along with the procedures and flexibility to offer their services in a way that matches the layout of your organization.

5. Pricing

Flexibility. Pricing should be both flexible and affordable. Your incident readiness services provider should offer you a roadmap of services with its long-term pricing upfront, including the option to purchase in one transaction or spread your payments over several years if necessary (depending on how long the roadmap is). This roadmap should ideally include a retainer that provides proactive services that cover planning, preparing and exercising your response.

Ultimately, you need to choose a partner that you trust — hence the phrase “trusted partner.” Do it now, before an attack happens, so you don’t end up choosing the first one that comes along. Take the time to choose the right one.

IBM was named as a leader in the IDC MarketScape because we offer a fast delivery of services at a low cost, with high value, and a vast portfolio of IR capabilities to help organizations build cyber resilience. These are qualities that matter in a trusted partner when it counts most.

In the cybersecurity world, I don’t think the term “partner” is a business cliché at all. I think it’s an absolute necessity.

Download the IDC MarketScape for Worldwide Incident Readiness Services 2021 report excerpt to find out how your organization can improve its incident readiness, register for our webinar Building Cybersecurity Muscle Memory for Effective Incident Response and learn more about IBM Security X-Force.

Laurance Dine
Global Partner, X-Force Incident Response

Laurance Dine is a business and technical leader with over 17 years’ experience in Digital Forensics and Incident Response. He is sought out as a subject m...