7 Ways an Incident Response Retainer Can Increase Security Resilience

Nov 29, 2021
5 minutes
... views

The number of cybersecurity incidents has increased amid the shift to remote work. Just in the past year, as many as 18,000 customers of SolarWinds unknowingly let in attackers through an update that appeared legitimate, exposing security weaknesses throughout infrastructure and supply chains. At the same time, ransomware continues to make the headlines as cybercriminals use highly sophisticated tools and tactics to disrupt the remote workforce and coerce organizations into paying large ransoms. In fact, according to the 2021 Unit 42 Ransomware Threat Report, the average ransomware payment climbed 82% in the first half of 2021 to a record of $570,000.

As a result, organizations are increasingly adopting incident response service solutions, specifically through retainer-based service contracts, in order to mitigate cyber risk and respond quickly in the event of a breach, before major damage occurs.

How prepared are organizations in the current threat landscape, and how does your organization stack up?


Current State of Incident Response Preparedness

Enterprise Strategy Group recently surveyed more than 330 cybersecurity professionals to gain insight into the incident readiness market. The report, “An Ounce of Prevention: Investing in Incident Readiness,” captures the current landscape of incident response and identifies some of the current gaps and best practices:

  • Only 57% of those surveyed said they had a fully documented incident response playbook, and of that, only 55% said it was fully integrated into standard operating procedures.
  • Most respondents stated they had at least one retainer to assist with breach response, but 30% had none.
  • Nearly half of respondents felt that there is a problematic skills shortage in cybersecurity.

Clearly, many organizations lack the infrastructure and expertise to support incident response. But with the increasing adoption of cloud-based platforms and the growing rate of enterprise IoT use, the stakes could not be higher.

Regardless of where you are on the journey to cyber resilience, the need for a robust incident response plan is clear, and it only makes sense to trust this task to the experts.


The Benefits of an Incident Response Retainer

An incident response retainer offers peace of mind to organizations, offering expert support before and in the aftermath of a cybersecurity incident.

With an incident response retainer in place, organizations can prepare for cyberthreats and respond rapidly should a threat actor infiltrate secure data or systems.

The benefits of an incident response retainer include:

  1. A strategic incident response plan that will lower the likelihood and cost of a breach.
  2. 24/7 access to incident response experts.
  3. Reduced recovery times with prearranged communication channels and predefined response playbooks.
  4. The ability to better manage costs with predictable budgets and improved response efficacy through tabletop reviews and readiness assessments.
  5. The elimination of prerequisite onboarding and technology integration.
  6. The ability to mitigate downstream risks by following digital forensic best practices and defensible processes to satisfy regulators.
  7. Flexibility in retainer credits usage.

An incident response retainer is a promising option to help busy organizations prioritize cybersecurity initiatives and planning, but where should you start? It’s imperative to understand the services available to your organization and the distinct areas of expertise that should be included.


What to Look for in an Incident Response Service Provider

As your organization considers an incident response service provider, there are specific areas of expertise that should not be overlooked.

The Gartner®Market Guide for Digital Forensics and Incident Response Servicesoutlines incident response services, the current market, the differences between proactive and reactive services and why those distinctions are key to developing the right plan for each unique organization. Also, the report recognizes several firms as Representative Vendors, including the Palo Alto Networks Unit 42 Incident Response Services.

If your organization is in the process of looking for an incident response retainer, there are several key criteria you should look for, including:

  • Incident response preparation and planning services.
  • Proactive remediation, crisis management and crisis communication to support post-breach incidents.
  • First responders trained to handle deep investigations, including on social media platforms and the dark web.
  • Forensic capabilities to contain and mitigate future threats.


How Unit 42 Can Help

The Unit 42 Services Retainer reduces your incident response time by having our IR experts as an extension of your team on speed dial. This means we operate under prenegotiated terms, with predefined communication channels and playbooks to get started on your investigation within minutes.

What you may not know is that you also have the flexibility to use the prepaid credits for any of our proactive services. We help you take a threat-informed approach to identify gaps based on the latest threats that represent the biggest risk to your organization.

These services will help CISOs:

  • Prioritize resources by determining whether your organization is prepared for threats.
  • Mitigate risk by seeing how susceptible your organization is to attacks.

And it will also help your SOC team identify if you have been compromised, in order to respond quickly before any other damage happens.

Unit 42 is proud to offer industry-leading incident response retainer services, including data breach response, ransomware investigation and recovery services, digital forensics and insider threat investigations, tactical response insider threats, and expert witness testimony. Learn how to get started with our Incident Response Services.

If you are experiencing an active breach, or think you may have been impacted by ransomware, please email unit42-investigations@paloaltonetworks.com or call (866) 486-4842 – (866) 4-UNIT42 – for U.S. toll free, (31-20) 299-3130 in EMEA or (65) 6983-8730 in JAPAC. The Unit 42 Incident Response team is available 24/7/365. You can also take preventative steps by requesting a Ransomware Readiness Assessment.

Gartner Market Guide for Digital Forensics and Incident Response Services, Prateek Bhajanka and Wam Voster, Sept. 21, 2021. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.