Is it naïve of us to think we can ever be perfectly secure? Whether physically or digitally, there is always a risk that something bad is going to happen. To protect ourselves physically we install alarms and locks, buy safe cars, and have automatic lights, cameras, firearms, etc. These don’t eliminate risks, but they give us a reasonable sense of safety, and we go about our normal daily business. For digital security we install endpoint protection, anti-spam, anti-malware, firewalls, IDS, IDP, DLP, etc., and go about our normal daily business.
But what happens when these controls fail and we are attacked or injured? On the physical side we have police, fire, and ambulance services, hospitals, and doctors that are there to help us after the incident. We buy health, life, and disability insurance; we prepare in advance for what happens post-incident. We create an entire support system to back us up.
On the digital side, shouldn’t we do the same? Yes, there are public and paid organizations that provide notifications and assistance on a large scale, like US-CERT, FBI, NSA, FS-ISAC, etc., but these either issue notifications or react to criminal activity. For other incidents we should have a type of “insurance” that provides us with the “health care” professionals we need in the event of a digital incident: a team of experts who can assist with triage and remediation both during and after the incident.
I think we can all agree that we do a better job protecting our physical security than our digital security. If so, don’t we need stronger incident response protection for our digital life?