From Remediation to Transformation

Adam Tyra
post breach remediation December 13, 2021

IBM’s 2021 Cost of Data Breach report[1] showed that for another consecutive year, business is booming (for criminals, that is). The rate of occurrence and cost of data breaches are up. Notably, the average cost to perform post-breach response (i.e., evidence collection, investigation, remediation) rose to $1.14 million. Against this backdrop of increasing criminal activity, Kivu Consulting has executed more than 3,500 engagements worldwide, establishing itself as the leading advisor to clients on the topic of ransomware response. One of our key lessons learned is that organizations must prioritize security improvement in the wake of an incident – and we’re evolving our approach to serving our clients to provide more support in this area.

The risk of responsive restoration

Kivu’s Post Breach Remediation team has excelled at restoring normal IT operations for clients in the wake of ransomware attacks, routinely getting systems back online in hours or days. But response at this speed has one very significant drawback: the risk of recurrence. Often, the investigation of an incident hasn’t concluded when impacted systems are returned to production. This means that the recovery team may not have identified and fixed the issues that allowed the incident to occur in the first place. By assuming this risk (i.e., the risk that the same incident could happen again), the organization can minimize business interruption expenses. Unfortunately, as incident costs continue to rise, this tradeoff no longer makes financial sense in many cases.

Recovery and Transformation

In recognition of this development, Kivu has established the Recovery and Transformation team to update its approach to serving clients in the wake of an incident. First, our post breach remediation teams will place more emphasis on establishing cyber hygiene as a part of rapid recovery support. To do this while also remaining responsive, we’re updating our toolkit and procedures to ensure that restored systems are re-deployed into client environments using the lowest risk configurations possible for the environment. We’ve often observed that clients are not fully utilizing the security capabilities of software and devices that they already have in-house. So, our focus will shift to helping clients use their existing resources more effectively to mitigate the risk of future attacks.

Additionally, our team will emphasize remediation and implementation support for our clients outside the scope of an active breach response. Many organizations have historically under-invested in cybersecurity, implicitly accepting the risk of an attack as the lowest cost option. The rapid growth in the costs of damaging attacks worldwide makes this an increasingly unattractive option. By analyzing the outcomes of thousands of incidents to which we have responded, Kivu has developed deep insight into the tactics and techniques employed by today’s most prolific threat actors. Because of this, we’re uniquely positioned to provide our clients with timely input on the right controls and capabilities to deploy to maximize their defenses. We can also use these insights to help our partners in the cyber insurance industry make better decisions about cyber risk and to support their policyholders.

As hackers become more sophisticated and organized, traditional approaches built to meet yesterday’s security standards are not enough. After any security incident, large or small, there is an opportunity to build back better. Kivu’s Recovery and Transformation team is committed to going beyond the traditional bounds of recovery to transform clients for a more resilient future.

[1] Cost of Data Breach Report 2021, IBM Security