Latest news with #incidentresponse

OPINION: Convergence in the modern incident management family

Yahoo

2 days ago

  • Business
  • Yahoo

In the early years of enterprise computing, a digital breach or system failure was an internal affair. The affected organization responded as best it could. Processes, if they existed at all, were fragmented. Coordination lacked structure. Lessons, when learned, rarely extended beyond the IT department. With tears and sweat, many of us fought at the forefront of this uphill battle over the past 25 years. Fast forward to the present. A modern cyber incident typically triggers a network of stakeholders. A cyber insurance policy (a relatively recent addition of the last 15 years) may be activated. A breach coach (a role that did not exist a decade ago) can step in to manage legal positioning and privacy obligations. A forensic firm may be engaged to determine the root cause. External counsel advises on liability and auditors examine control effectiveness, process adequacy and regulatory exposure. For many organizations, some or even most of these roles are outsourced. IT operations, cybersecurity monitoring, legal counsel, forensic analysis and public communications are often handled by external providers. This introduces another layer of complexity. Organizations must coordinate a constellation of third parties, each with its own mandate, service level and toolset. This situation calls for a shared approach; one that enables participants to contribute meaningfully; one that supports collaborative documentation of facts and clearly defined roles, real-time coordination, post-event accountability and structured, accessible reporting. Easier said than done; but this is precisely what distinguishes incident management from incident response. Incident response remains essential. It focuses on identifying malicious activity, improving defensive controls, and restoring systems. Its scope is technical and tactical. 
But in today's regulated, data-centric corporate world, and with threats evolving in sophistication every day, deeper and broader business coordination is required. Incident management represents a broader model. It integrates legal, operational, reputational, regulatory and insurance considerations, among other business functions. It aligns leadership, ensures continuity and provides unified direction. Where response teams expertly isolate malware, identify critical vulnerabilities, deploy corrective security controls and rebuild the services, management teams shape the timeline, set priorities, assign authority, coordinate stakeholders and preserve strategic coherence across the entire event lifecycle. When response efforts are fragmented and confusion sets in, costs escalate rapidly. According to the U.S. National Association of Insurance Commissioners (NAIC), the United States accounted for 59 per cent of the $16.66 billion in global cyber insurance premiums written in 2023. These figures speak clearly of the value at stake and they continue to rise year after year. In our experience, a significant portion of this underwriting has rested on unstable ground. Risk assessments were often declarative, with limited opportunities for independent verification. Control maturity was assumed rather than demonstrated. Beyond producing an incident response plan, few organizations could show how they would actually coordinate decisions, preserve evidence or communicate effectively across internal and external teams during a live event. This lack of structured readiness has led to prolonged investigations, delayed reporting, strained collaboration and higher payouts when risks materialized. Insurers, in turn, have responded by shifting more of the burden onto clients through narrower coverage terms and rising premiums. Another often overlooked consequence of difficult incident response cases is the human toll. 
Employee morale, burnout and turnover (especially within IT, legal and communications teams) can degrade internal cohesion long after the crisis is over. These indirect impacts are frequently underestimated, yet they affect organizational health in very direct and lasting ways. The World Economic Forum, in its Global Cybersecurity Outlook 2024, reports that 72 per cent of business leaders observed a rise in cyber threats over the past year. These include ransomware attacks, supply chain compromises and financially motivated extortion. The scope of cybercrime continues to expand. It affects not just digital infrastructure, but also trust, compliance, revenue and public confidence. Some estimates cited by the WEF place the global cost of cybercrime above $10 trillion annually by 2025. The precise figure matters less than the trend. These numbers exceed the GDP of most countries. Cyber events are no longer isolated technical failures. They are systemic risks to business and governance. Crisis coordination cannot be invented in the moment. It must be designed in advance and tested under realistic conditions. Crisis simulations and tabletop exercises should mirror the workflows used in live events. Preparation must go beyond checklists. It should reflect how teams document facts, assign responsibility, communicate in real time and make defensible decisions under pressure. Well-rehearsed structures build clarity and confidence. They also reveal weak points in communication, authority and coordination long before those weaknesses are exposed by a real incident. The current landscape demands purposeful and repeatable coordination. The complexity of today's incidents has exposed the limits of disconnected efforts and loosely aligned teams. Without a shared and structured framework that empowers stakeholders across the response ecosystem, the legacy wounds of past incidents will remain unhealed. 
These include technically isolated actions, fragmented collaboration, unclear priorities, slow recovery and inconsistent reporting. Convergence is the necessary cure. It reduces friction, aligns decision-makers, and brings operational threads into focus. When implemented with care, it turns incident management into a discipline that is effective, efficient, cost-aware and strategically valuable. Convergence requires both human commitment and enabling structure. First, it depends on critical human factors. Goodwill, communication and organizational empathy are absolutely foundational. Each participant brings valid goals and constraints. Understanding and respecting those differences is what makes collaboration functional. Now in smaller incidents, this alone may be sufficient. But at scale, good intentions will not be enough. When coordination must stretch across departments, vendors, time zones and regulators, structure becomes essential. Common and relevant office tools such as emails, online chats and tracking spreadsheets go a long way, but lack the flexibility, precision and visibility required for serious incident management. They offer no version control, no shared source of truth and no reliable audit trail. Under pressure, they generate confusion instead of control. What is needed is a common digital environment tailored to incident management. It must be trusted, structured and available to all relevant participants. It should support live coordination, reliable documentation, distributed decision-making, convenient reporting and traceability from beginning to end. When that foundation is in place, teams stay aligned, records stay intact, cases progress quickly and decisions hold up under scrutiny. And when your organization reaches the point where such a toolset becomes necessary, you will find people ready to help. They will bring the experience, discipline and commitment required to make that convergence real and to make it work with you. 
Jean-Simon Gervais is the owner of Fullblown Security Consulting and creator of Breach Commander | Unified Incident Management. This section is powered by Revenue Dynamix. Revenue Dynamix provides innovative marketing solutions designed to help IT professionals and businesses thrive in the Canadian market, offering insights and strategies that drive growth and success across the enterprise IT spectrum.

WireX Systems and Brown & Brown Announce Strategic Collaboration to Advance Cyber Risk Management and Insurance Outcomes

Yahoo

5 days ago

  • Business
  • Yahoo

SUNNYVALE, Calif., June 17, 2025 /PRNewswire/ -- WireX Systems is pleased to announce a strategic collaboration with Brown & Brown to combine its industry-leading cybersecurity solutions with Brown & Brown Risk Solutions' evidence-based risk identification, quantification, and financing process to deliver enhanced risk management and insurance outcomes for their customers. WireX Systems is redefining incident response by providing instant, easy-to-understand answers to the most critical post-incident questions—what data was accessed, and how. Trusted across industries including finance, healthcare, insurance, utilities, manufacturing, government, and technology, the company empowers even junior team members to investigate faster, reduce dwell time, and quickly uncover an incident's full scope and impact. Brown & Brown, Inc. (NYSE: BRO) is a leading insurance brokerage firm providing enhanced customer-centric risk management solutions since 1939, with a global presence spanning 500+ locations and a team of more than 17,000 professionals. The Risk Solutions business has a dedicated, highly specialized cyber insurance team that acts in an advisory capacity to deliver innovative cybersecurity risk solutions to customers. Through this collaboration, Brown & Brown and WireX Systems will look to combine WireX Systems' cybersecurity and incident response expertise with Brown & Brown's leading analytics and brokerage capabilities to deliver better outcomes for customers. The goal: empower organizations to respond to incidents with speed and clarity, while also translating their cybersecurity maturity into measurable financial benefits. "By looking at the balance sheet risk of loss a firm has based on its cyber maturity, it allows decision makers to assess their investments, the insurance limits they purchase as part of an overall risk tolerance discussion," said Bill Daly, COO of Brown & Brown Risk Solutions. 
WireX Systems brings the technical foundation to support that strategy—enabling security teams to move fast, cut through alert noise, and get definitive answers during an incident—what happened, how it happened, and what data was impacted. "By partnering with Brown & Brown," says Tomer Saban, CEO of WireX Systems, "we're turning that operational clarity into meaningful insurance outcomes—reducing residual risk and helping ensure premiums reflect real-world cyber maturity." This joint effort gives organizations a clearer lens into cybersecurity ROI, bridging the gap between technical readiness and financial resilience.

SOURCE WireX Systems

CrowdStrike And AWS Join Forces To Simplify Security Incident Response

Forbes

5 days ago

  • Business
  • Forbes

Security teams need speed, not friction—CrowdStrike and AWS now deliver incident response at the click of a button, right where cloud operations already live.

CrowdStrike and AWS have launched a new service aimed at reducing the friction and complexity of cloud security incident response. The offering, CrowdStrike Falcon for AWS Security Incident Response, allows AWS customers to activate CrowdStrike's threat detection and remediation tools directly within their AWS environment. I spoke with Daniel Bernard, chief business officer at CrowdStrike, and Hart Rossman, director of security incident response at AWS, about this announcement. They framed it with a very simple premise: if an organization faces a security incident, help is just a click away. 'How cool is it that in the AWS console in the Security Center, you can click a button and have a cyber expert at your beck and call?' said Bernard, chief business officer at CrowdStrike. 'You might not even be a CrowdStrike customer yet. One click, and you're in a whole different, better place on security.' AWS customers can spin up Falcon for AWS Security Incident Response on demand, even in the middle of an incident, and get immediate access to endpoint protection, threat intel, and identity security services. According to the press release, Falcon for AWS Security Incident Response dramatically improves the ability to stop breaches. 'Organizations detect 96% more threats in half the time and investigate incidents 66% faster.' 'It's about helping customers at the point of need,' shared Rossman. 'Time to response and remediation is really the goal here—to get customers from a bump in the night to 'everything's all right' in as few clicks as possible.' That speed and simplicity are critical in today's threat environment, where the time between detection and damage can be measured in minutes. While the service shines in moments of crisis, both AWS and CrowdStrike say it's designed for day-to-day use as well. 
By continuously assessing posture and enabling always-on protection, Falcon for AWS Security Incident Response delivers ongoing value beyond incident triage. Rossman emphasized that cloud security today is no longer about sifting through dashboards. It's about integrating protection directly into the way modern businesses operate. 'Security operations are changing,' he said. 'You're not looking in the rearview mirror anymore. This puts security in your hand every day—not just during an emergency.' Bernard stressed that CrowdStrike was born in the cloud, built on AWS, and designed from day one to bring intelligence-driven cybersecurity to the modern enterprise. With this new service, that shared origin story between the two companies now enables a new level of security integration. 'This isn't just best-of-breed,' said Bernard. 'It's best-of-breed that's also easiest to use. We're not forcing anyone into a walled garden. It's an open pasture—with all the benefits of a tightly integrated experience.' AWS customers can procure the service directly through the AWS Marketplace, using their existing spending commitments. There's no need for separate procurement or custom deployment. For many organizations, the cloud journey has created both opportunity and complexity. The patchwork of tools and services needed to secure hybrid and multi-cloud environments can add operational overhead and leave gaps in visibility. This new offering is designed to remove those barriers. 'This is a capability that is very unique and bespoke to what AWS offers,' Bernard explained. 'It streamlines access to help. And that's something both of our companies—being customer obsessed—really rally around.' By embedding CrowdStrike's Falcon platform directly into the AWS incident response workflow, customers gain not just a tool, but a strategic advantage: faster remediation, continuous protection, and a more unified security experience. 
As enterprises push deeper into the cloud, their security must be just as agile. Waiting until after a breach is too late. This service empowers organizations to act faster, with fewer roadblocks. It's cloud security that 'just works,' as Bernard put it—and in cybersecurity, that's often the hardest thing to achieve.

Why Measuring Maturity Is Critical To Cyber Resiliency

Forbes

6 days ago

  • Business
  • Forbes

James Blake is the Vice President of Cyber Resiliency at Cohesity and has over 30 years of experience as a CISO and in incident response.

I often say that cyber resilience isn't something you can buy—it's an emergent property, the result of an organization taking the appropriate preparatory and operational steps to withstand a cyberattack. I once worked for a CEO whose boilerplate answer to any problem was to back a proverbial truck full of money into it—dumping dollar bills until the issue disappeared. He was used to traditional business continuity and disaster recovery scenarios, and he grew increasingly frustrated when "those cyber guys" couldn't give him a clear answer about how long systems would be down. This CEO was used to disruptions with obvious root causes: natural disaster, equipment failure, power loss or misconfiguration. Recovery in those cases was largely predictable—restoring operations en masse in the same or an alternate environment. You just needed to understand interdependencies and calculate speed—of network, storage and backup. Recovery time objectives (RTOs) and recovery point objectives (RPOs) could be measured and tested. But cyber incidents—especially large-scale destructive ones like ransomware or wiper attacks—are different. Attackers choose from hundreds of techniques across MITRE ATT&CK's 14 tactics. They disable end-point controls using vulnerable device drivers, hide in plain sight with legitimate IT tools, and rapidly weaponize and exploit vulnerabilities through Ransomware-as-a-Service platforms—faster than most organizations can patch. Did the attacker pivot through one machine or 50? If each machine could be a beachhead for reattack, investigation and remediation timelines vary wildly. Recovery could involve patching, configuration rollbacks, new controls, rotating credentials—all of which take time. How much time? Unfortunately, the adversary is often the one in control of that timeline. 
This lack of definitive timelines makes business leaders uneasy, but it's the reality we live in. Ironically, I've found that organizations with the most rigid RTOs are often the least prepared. They recover too quickly, skip remediation and are just as quickly reinfected or reattacked. Once we clarified the difference between business continuity, disaster recovery and secure cyber recovery, the CEO began to see that the headcount and spending were only part of the solution. What worked better? Planning. Cross-functional collaboration. A phased, pragmatic improvement plan. In short, maturity. Achieving cyber resilience isn't just about deploying the latest-and-greatest technology. It's about operationalizing that technology—building the appropriate workflows, processes and muscle memory so everyone knows their role when the inevitable attack happens. If we want to shorten those unpredictable recovery timelines, resiliency is our best tool. Think of cyber resilience as a chain—made up of technology, people and process. Each link matters. As the saying goes, a chain is only as strong as its weakest link. Any weak point—alert monitoring, threat hunting, vulnerability management, backup protection, digital forensics, incident response, logging, authentication, tabletop exercises, control tuning and threat intelligence—can degrade overall resilience. Yet organizations often launch massive projects to fix just one aspect, while ignoring another that is a dumpster fire. Modest improvements to the weakest link usually yield more value than myopic focus on perfecting a single, siloed initiative. Recent headlines show that organizations with massive cybersecurity budgets still suffer significant impacts from ransomware damage. That should be a wake-up call: It's not just about increasing spending and hiring more people. It's about applying those resources where they will measurably increase cyber resilience. The only way to do that? 
Step back, measure the relative maturity of each capability in your cyber resilience chain, and keep measuring as you evolve. That is how you avoid discovering—too late—that the chain was always going to break at the weakest link. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

LevelBlue Agrees to Acquire Aon's Cybersecurity & IP Litigation Consulting Groups

National Post

11-06-2025

  • Business
  • National Post

− The Cybersecurity and Intellectual Property Litigation consulting solutions, Stroz Friedberg and Elysium Digital, bolster and expand LevelBlue's Global Cyber Risk and Incident Response Capabilities

− Aon will continue to deliver leading cyber brokerage capabilities through the firm's Cyber Solutions group, CyQu platform and Cyber Risk Analyzer to serve clients' growing cyber broking needs

DALLAS & DUBLIN — LevelBlue, a global leader in cloud-based, AI-driven managed security services, has signed a definitive agreement to acquire Aon's Cybersecurity and Intellectual Property (IP) Litigation consulting groups, which include recognized cybersecurity firm Stroz Friedberg, and Elysium Digital, which is renowned for technology-related IP litigation matters. This acquisition represents a significant step in LevelBlue's growth strategy by adding deep cyber and high-tech IP litigation consulting expertise and world-class incident response capabilities to its expanding global portfolio. Financial terms were not disclosed and the acquisition is subject to customary closing conditions.

With this acquisition, LevelBlue gains a globally recognized cyber and IP litigation consulting platform that includes a team of approximately 300 technology professionals with strong relationships across Fortune 500 enterprises, 80 percent of the Am Law 100 and a majority of Top 20 law firms in the UK. The integration of consulting solutions complements LevelBlue's 24/7 managed detection and response services, creating a comprehensive cybersecurity risk management offering that addresses both digital risk protection and incident response, positioning LevelBlue to become the largest independent pureplay Managed Security Services Provider (MSSP) globally.

'Cyber resilience is crucial for organizations of all sizes,' said Robert McCullen, Chairman and CEO of LevelBlue. 'By combining LevelBlue's exceptional cloud-based, AI-driven managed detection and response platform with Stroz Friedberg's proactive cyber consulting and advanced digital forensic and incident response capabilities, we're introducing the industry's most comprehensive unified cybersecurity services platform. This platform will not only strengthen clients' defenses preemptively, but also empower them with deeper insights and faster incident resolution. Together, we're helping organizations stay ahead of emerging threats and recover with greater speed and confidence.'

'We are thrilled to join forces with LevelBlue,' said David Yaches, CEO of Cyber Solutions Security Consulting at Aon. 'Our teams are aligned in mission and values, and this acquisition will allow us to serve clients with an expanded suite of cyber solutions and deeper technical expertise.'

Aon's Cybersecurity consulting group is also recognized as a clear leader in the 2024 Forrester Wave™ for Cybersecurity Incident Response Services by providing organizations with a comprehensive range of cyber resilience services designed to help them prepare for, withstand and recover from cyber incidents. Its cybersecurity risk management portfolio covers adversary simulation, penetration testing, incident response planning, real-time breach response, and digital forensics. With deep technical expertise and proven methodologies, Aon's Cybersecurity and IP Litigation consulting groups assist clients in strengthening their operational readiness, protecting their critical digital assets, and minimizing the impact of cyber events and accelerating recovery times.

'The incredible cybersecurity readiness and response capabilities of Aon's Cybersecurity consulting group, including the esteemed heritage of the Stroz Friedberg legacy, brings highly valued expertise to LevelBlue,' said Mike Troiano, LevelBlue Board Member and Head of AT&T Business Products. 'We expect this acquisition to significantly enhance the strategic cybersecurity services delivered globally by LevelBlue to AT&T's government and enterprise customers.'

As part of this transaction, Aon and LevelBlue will also establish a strategic relationship to collaboratively offer their respective services to clients in a holistic manner. This acquisition underscores LevelBlue's commitment to simplifying cybersecurity through award-winning managed services, strategic consulting, real-time threat intelligence and industry-renowned research, seamlessly integrated with its global operations and operational expertise to deliver solutions that help organizations of all sizes achieve their unique cybersecurity outcomes.

'Cyber remains a top risk category for our clients,' said Christian Hoffman, Global Specialty & Financial Products Leader at Aon. 'Aon will continue to deliver leading cyber brokerage capabilities through our Cyber Solutions group, CyQu platform and Cyber Risk Analyzer to serve our clients' growing cyber broking needs.'

According to Christina Richmond, Principal Analyst at Richmond Advisory Group, 'This is a highly strategic acquisition for the cybersecurity services market. LevelBlue will strengthen its position at the intersection of managed security and cyber consulting services. By acquiring leading cybersecurity and IP litigation consulting capabilities, the combined organization is now better positioned to proactively enhance organizational resilience. The strategic relationship with Aon bolsters LevelBlue's posture with cyber insurers and adds highly complementary risk analysis and advisory services.'

Santander is serving as financial advisor and Kirkland & Ellis LLP is serving as legal advisor to LevelBlue. Lazard is serving as financial advisor and Latham & Watkins LLP is serving as legal advisor to Aon.

About LevelBlue

We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.

We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence; this enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risk, so you can focus on your business.

About Aon

Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that protect and grow their businesses.
