June 13, 2017
Respond to Breaches Faster, Smarter with Incident Response Services
Organizations save money and minimize damage by having cybersecurity experts on retainer, ready to act the moment a compromise is detected.
Getting hacked is nothing new, as the recent “WannaCry” ransomware aptly demonstrates. Organizations have been fending off malware for years. But a virus outbreak back in 2005 was far less sophisticated than any of today’s attacks. Even ransomware — basic automated software that enterprises fight daily — can bring an organization to a standstill.
Although enterprises recognize the danger, many learn too late that they're ill-prepared to combat threats. Organizations that seek outside help only after discovering a breach have to wait days or weeks for lawyers to negotiate contracts, sometimes while intruders are still on their networks and becoming more firmly entrenched. That inefficiency not only increases the damage, but also drives up costs, as organizations are forced to pay four or five times what they would have paid if they weren't in emergency mode.
Laying the Cybersecurity Groundwork
The wisest security investment an organization can make is setting up an incident response retainer in advance. By negotiating a contract with a service provider for either a block of hours or a level of service, the organization knows just where to turn if it’s attacked.
Having the right support before, during and after a breach is important because organizations are required to meet certain legal obligations following an incident. A retainer frees enterprises from having to make decisions while under stress, reducing the likelihood that they’ll run afoul of compliance regulations.
If the enterprise doesn’t have an incident during the year of its retainer contract, it can use the retainer fee for other services, such as creating an incident response plan or conducting a mock breach — steps that can optimize security plans to minimize damage.
Additional Cybersecurity Precautions
Beyond signing an incident response retainer, one of the most critical preparatory steps an organization can take is learning where sensitive data resides. This information enables breached enterprises to determine the extent of the damage and their regulatory obligations. For instance, if a hospital can prove that no protected health information was exposed during a breach, it’s not bound by the reporting requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Another preparatory step is establishing and testing alert mechanisms. When an anti-virus program sends an alert about a potential breach, does anyone notice? End-user training is also important to help employees spot the signs of a breach, such as a cursor moving on its own.
HIPAA and other regulations require organizations that suffer a breach to report the incident to affected clients and the federal government within a set period of time. Organizations can save valuable minutes by determining ahead of time whom to contact and the circumstances under which they must be contacted, as well as by developing notification templates.
Enterprises can also decide how to handle investigations in advance, establishing what kinds of records they’ll keep and who’s in charge of what. Investigations can vary based on which systems were compromised, which data was affected and whether the breach resulted from malicious software or an actual intruder. For instance, if an organization falls victim to automated ransomware, it may need only to remove the software and recover functionality; however, if an organization is specifically targeted for espionage by an individual, it’s important to collect evidence to catch and prosecute the intruder.
A post-breach review can offer IT leaders deep insight into how they can improve security. As organizations focus on optimization, they should answer questions such as how they learned of the breach, whether alerts worked as planned, whether the right people were notified and how the plan can be streamlined.
Unfortunately, there’s no finish line when it comes to security. Organizations can write out how everything’s supposed to work, but unless they’re regularly updating and practicing their plans, they will fall victim to hackers. An incident response retainer can help them fight back.