I dislike cliches. I suspect I’m not alone in that, but the truth is I’m guilty of using them on occasion — and I’m probably not alone in that, either.

I was reading a tongue-in-cheek article the other day about the worst clichés in the business world. As you might imagine, some of the usual culprits were there: ideate (is that even a word?), influencer (code for someone who likes the sound of their own voice?) and snackable content (I’d rather have potato chips, thank you).

But there was one word on there that I was surprised to see — and I disagreed with its place on the list: partner.

Much of the reason, I suspect, that I took issue was because I lead the X-Force Incident Response team. I know that when it comes to cyberattacks, even the most well-staffed security team needs a trusted partner. Not just when the attack hits, but before. At the planning stage, creating and rehearsing the playbooks and finding the vulnerabilities before the criminals do. That’s when a partner matters most.

If nothing else, the events over the past 24 months have shown us that having a trusted partner is more important than ever. The number of annual ransomware incidents my team remediates has been on a steady climb: 20% growth in 2019, 23% in 2020, and, most likely, a higher percentage in 2021.

Adding to that, this year the U.S. administration issued an executive order designed to improve the nation’s cybersecurity. While details are still being developed, it’s pretty clear there are sweeping changes ahead — and they will likely have a global ripple effect.

Choosing the right trusted partner in a complex labyrinth of global disruption, government mandates and increasingly aggressive and sophisticated threat actors can seem overwhelming. The good news is IDC may have done much of the footwork for you. IDC recently released the IDC MarketScape: Worldwide Incident Readiness Services 2021 Vendor Assessment, which evaluates vendors and positions them as a leader or a major player in incident readiness.

There are five important attributes and vendor capabilities that IBM feels can help make a trusted partner for organizations. Those attributes are:

1. Employee Strategy

Diversity. Organizations should evaluate vendors that can deliver a comprehensive readiness and incident response (IR) approach. From boots on the ground incident responders, to thought leaders who can develop exceptional educational content and front-of-room trainers who can deliver believable immersive experiences; The vendor should have experts who have experienced cyberattacks in many situations, so they know what to include in your organization’s plans, playbooks and training guides — and how to respond during a live incident.

2. Portfolio

Bespoke. When it comes to incident preparedness, off-the-shelf is insufficient. Every organization has a unique structure and strategy, and a different set of data that is critical to their operation. A meatpacking plant is going to need a different plan than a medical center — and your plans need to reflect those needs. The portfolio offering should be varied and tailored to your specific requirements.

3. Delivery

Education. The incident readiness delivery team must be match-fit professionals working on the latest breaches, attending the best industry training courses, and must hold up-to-date certifications. The team should regularly attend personal incident readiness and incident response training to better understand and appraise the experience they are delivering. The preparation and education of your organization’s staff should include all business stakeholders, including IT, Security Leads, Legal, Communications/PR, HR and C-level executives.

4. Functionality

Industry Knowledge. Whether you are preparing policy, training your staff, or testing your services; the incident readiness provider you evaluate should be knowledgeable of your industry. They need to have research capabilities that can keep them ahead of the threat actors’ tactics and techniques. With procedures and the flexibility in place to offer their services to you match the layout of your organization.

5. Pricing

Flexibility. Pricing should be both flexible and affordable. Your incident readiness services provider should offer a roadmap of services to you with its long-term pricing upfront including the option to purchase in one transaction or spread your payments over several years if necessary (depending on how long the roadmap is). This roadmap should ideally include a retainer that provides proactive services that covers planning, preparing and exercising your response.

Ultimately, you need to choose a partner that you trust — hence the phrase “trusted partner.” Do it now, before an attack happens so you don’t end up choosing the first one that comes along. Take the time to choose the right one.

IBM was named as a leader in the IDC MarketScape because we offer a fast delivery of services at a low cost, with high value, and a vast portfolio of IR capabilities to help organizations build cyber resilience. These are qualities that matter in a trusted partner when it counts most.

In the cybersecurity world, I don’t think the term “partner” is a business cliché at all. I think it’s an absolute necessity.

Download the IDC MarketScape for Worldwide Incident Readiness Services 2021 report excerpt to find out how your organization can improve its incident readiness, register for our webinar Building Cybersecurity Muscle Memory for Effective Incident Response and learn more about IBM Security X-Force.

More from Incident Response

3 recommendations for adopting generative AI for cyber defense

3 min read - In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The EU and US are beginning to put new regulatory frameworks in place to manage AI risks.Amid all this commotion, hackers and other cybercriminals are hardly…

What we can learn from the best collegiate cyber defenders

3 min read - This year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company as the network is undergoing a fundamental transformation. This year the challenge involved a common scenario: a merger. Ten finalist teams were tasked with managing IT infrastructure during this migrational period and, as an added bonus, the networks were simultaneously attacked by a group of red…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today