3 questions to consider to lower security incidence response times

It’s common knowledge that most IT security professionals devote the majority of their time to finding resolutions to the latest attacks affecting their customers. What they spend less time on is how they reach that resolution.

Here are three questions you need to answer to lower your incident response times and ensure customers continue to trust your brand as a safe resource for their banking needs.

Question I: How well do our tools support our work?

The importance of having an incidence response plan cannot be overstated, but it’s equally important to have the right set of tools in place to support your team’s ability to respond quickly.

Unfortunately, most financial services organizations still depend on manual methods and legacy tools to categorize and prioritize incidents. Running your entire threat management system from various spreadsheets and disparate systems won’t only slow you down — it increases the likelihood that your customers will find out about the threat before you resolve it. Thanks to social media and the fast spreading of information, IT teams now have even less time to come up with a solution and craft a polished response.

Question II: How does my team communicate best?

Responding quickly to anything — whether it’s a literal house on fire or a breach that compromises customer data — requires good teamwork and communication.

Think about a time when teams at your organization worked together well. What enabled smooth communication, and what hindered it? I’ve noticed many folks being held back by their inability to find the right piece of information in a long chain of emails, for example.

Having people on your team who communicate well is just as critical as having people who are skilled at solving problems. When you consider adding a new team member, try to assess how well they perform and communicate under pressure to make sure they will add to the team’s skillset.

Question III: What processes slow us down?

Sometimes processes have been in place for so long that we forget to question how well they perform. When a new security incident is discovered or a new type of malware gets released, what happens next and why?

Perhaps one team has always been the first to respond, but maybe their skill set has changed and the organization would benefit from having a different set of workers be first on the scene. By taking a deep dive into your processes, you can start to make changes that will help speed up your response times.

If you’d like to learn more, take a moment to download and read our recent report, “Accelerating Security Response: How Financial Institutions are using Service Now for Security Operations.”  If you find the report interesting, please reach out to me on LinkedIn, and I’d be thrilled to discuss further.

Brian Retzlaff, Executive Consultant, Financial Services at ServiceNow