The importance of rapid response in SA's cyber security landscape

Ross Anderson, Business Unit Executive at Duxbury Networking.

---

The volume of cyber security services in South Africa is expected to top R6.65 billion this year, driven in part by the growing adoption of cloud computing services across the business landscape. Companies, regardless of size or industry sector, are increasingly becoming targets of sophisticated cyber attacks. To safeguard corporate data and infrastructure, a comprehensive cyber security approach must extend beyond traditional defensive solutions and include a dynamic method to mitigate cyber threats.

Research has shown that the average total cost of a data breach amounts to R49.25 million. Data loss, intellectual property theft, reputational damage and regulatory fines all contribute to this, with no company able to come out unscathed from a successful cyber attack. Even then, the recovery process can be lengthy and costly to significantly disrupt continued operations. This underscores the importance of having fast and effective incident response mechanisms in place.

Services such as Sophos Rapid Response are designed with this objective in mind, helping to mitigate the impact of active cyber security threats and enabling companies to resume normal operations with minimal downtime.

Organisations, both local and international, are changing their cyber security strategies to meet the demands of the digital era, with rapid response emerging as a pivotal component. Essentially, rapid response services aid businesses in containing and neutralising threats swiftly, safeguarding sensitive data and ensuring business continuity. For local companies facing unique infrastructure and resource constraints due to widespread geographic operations, rapid responses can be the difference between a minor disruption and a major crisis.

When responding to an active threat, the time between the initial indicator of compromise and full threat mitigation must be as brief as possible As a malicious cyber threat progresses through the ‘kill chain’, it becomes a race against time to ensure the threat is unable to achieve the objective. For example, Sophos Rapid Response has a 24/7 team of remote incident responders, threat analysts and threat hunters to fulfil this role.

A rapid response approach not only effectively contains cyber attacks but is also cost-effective. Traditional incident response services are priced hourly. Invariably, companies underestimate the time required to fully mitigate a threat. This leaves them open to having to purchase additional hours. Cynics might also argue that an hourly rate incentivises incident response service providers to maximise the number of hours it takes to deal with the threat.

To overcome this, Sophos Rapid Response offers a fixed-fee pricing model with no hidden costs. Instead, the model is determined by the number of users and servers within the business environment. In addition, as this service is delivered remotely, an organisation can start benefiting from response actions immediately. Time is not a factor in determining costs. The focus is fast-tracking the organisation out of the danger zone as quickly as possible.

This fixed-fee pricing model is particularly suitable for the South African market with many companies having limited budgets allocated to their cyber security spend. Additionally, this model provides transparency and predictability in costs, allowing businesses to manage their costs more effectively while still ensuring top-tier security measures are in place.

Given how advanced technologies are contributing to a rapidly evolving cyber threat landscape, it is a matter of when rather than if a breach will occur. This makes incident response a must-have service to integrate within any cyber security strategy. Companies locally must move towards taking a proactive stance in dealing with cyber threats.