We often work with companies that have signed contracts with ICT service providers that turn out to be inefficient when needed.

In today’s business environment, cybersecurity management must be set up as a multidimensional process that requires the coordinated interaction of several professionals, each with specific skills, within extremely short time frames. This need emerges most prominently when companies are faced with cyber incidents, situations in which speed and effectiveness of response are critical to limiting damage.

Incident Response: the case

A recent event involved Cyberoo’s Incident Response team, called to intervene at a major Italian financial sector company hit by a ransomware attack.

The company involved had outsourced the complete management of its IT systems to an external system integrator, as it had no in-house IT staff. And so far (almost) so good. The problem came when, during the investigation, all technical communication had to go through that system integrator, the holder of essential technical knowledge, whose partial responsiveness complicated every phase of incident response.

To complicate things even further, there was no integrated governance of the IT infrastructure. Servers and firewalls, in fact, were managed by an external provider who, according to the contract, guaranteed support only by ticket and with response times defined as next business day. The incident, which occurred on the eve of a weekend followed by a public holiday, highlighted the limitations of this approach, significantly slowing down investigation and response operations.

The moral, or better yet, the steps to follow

This episode underscores the importance of viewing cybersecurity not just as a set of advanced technological tools, but as a process involving human expertise, operational procedures, and appropriate contractual arrangements. In particular, companies need to:

  1. Integrate internal and external expertise: Have in-house cybersecurity expertise or, when this is not possible, establish close and functional relationships with specialized external vendors to ensure effective and timely communication in case of incidents.
  2. Clearly define roles and responsibilities: Every figure involved in the cybersecurity process, from internal staff to external vendors, must be clear about their roles and responsibilities, especially in critical situations.
  3. Make appropriate contractual arrangements: Contracts with ICT service and technology providers should include specific clauses for incident management, including guaranteed response times even during non-business hours and days, to ensure prompt and effective action.
  4. Implement an Incident Response Plan (IRP): Having a well-defined and regularly tested incident response plan is critical to organizing a coordinated and timely response, minimizing the impact of attacks.
  5. Continuous training: Ongoing staff training and keeping abreast of the latest threats and defense techniques are essential to maintain high organizational resilience to cyber attacks.

In conclusion, cybersecurity should be understood as a holistic process that integrates technology, people and processes, with the goal of protecting corporate digital assets proactively and reactively. Collaboration among all involved, supported by sound contractual agreements and effective response plans, is the key to resilient and dynamic cybersecurity.