Ethical Hacking News
The emphasis on backups has been a cornerstone of cyber security strategies for years, but recent research suggests that the importance of swift incident response may be overshadowing its value in preventing data loss. Experts stress the need for organizations to prioritize both backup and timely incident response in protecting their systems from cyber threats.
Recent research suggests that timely incident response may be more important than backups in preventing data loss during cyberattacks. Only 31% of CNI organizations can respond to ransomware attacks within an hour, while nearly two-thirds take up to six hours or more. Speed is crucial in responding to cyber threats, with some companies trained to take action within 30 minutes if a critical intrusion has not been resolved. Delaying incident response can lead to significant business risks and even rapid breaches, as seen in the case of an adversary who breached a system in just 17 minutes. Underfunded public sector organizations and those operating CNI face significant challenges in securing their systems due to limited funding.
The emphasis on backups has been a cornerstone of cyber security strategies for years, with organizations consistently being advised to invest time and resources into creating reliable and frequent backups. However, recent research from the UK's National Cyber Security Centre (NCSC) suggests that the importance of timely incident response may be overshadowing the value of backups in preventing data loss during cyberattacks.
The NCSC's guide on cybersecurity for small businesses highlights the need to back up business-critical data, but the report also notes that organizations should not prioritize backup alone. Instead, it emphasizes the significance of a swift and effective incident response strategy, which includes rapid threat detection, containment, and eradication. The study found that only 31% of respondents from critical national infrastructure (CNI) organizations could respond to a ransomware attack within an hour, while nearly two-thirds took up to six hours or more.
Experts in the field have long argued that speed is crucial in responding to cyber threats. According to Dray Agha, senior SOC manager at Huntress, "Speed isn't just part of the solution; it's the entire solution." The company's analysts are trained to take action within 30 minutes if a critical intrusion has not been resolved, as waiting too long can present a significant business risk.
The impact of delay in incident response is evident when considering the case of an adversary who breached a system and made extensive configuration changes within just 17 minutes. Despite being considered a less-than-skilled threat actor, this rapid breach highlighted the gravity of delays in responding to threats.
In addition to prompt incident response, it's also essential for organizations to have secure budgets that allow them to invest in cybersecurity measures. Underfunded public sector organizations and those operating critical national infrastructure face significant challenges in securing their systems due to limited funding.
The article concludes by emphasizing the importance of having a well-equipped security team with the necessary capabilities to respond to threats efficiently, rather than relying on multiple individuals trying to cover various aspects of security. It's only when an organization has sufficient resources and trained personnel that it can ensure timely incident response and prevent data loss during cyberattacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Unreliability-of-Backups-A-Threat-Assessment-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/04/04/30_minutes_to_pwn_town/
Published: Fri Apr 4 07:26:26 2025 by llama3.2 3B Q4_K_M
