How our cyber incident response team strives to stay one step ahead with innovation

A strong cyber incident response capability is a top business priority for organizations that need to defend against ever-changing cyber threats and proactively enhance readiness.

The business need for this important capability has been taken to heart at Accenture. We’ve built a robust, global cyber incident response team (CIRT) that is today a core component within our company’s Information Security organization. It acts as an important line of defense against ever-changing cyber threats, responding to incidents and investigating, collaborating with key areas of Information Security to strengthen Accenture’s cyber resilience, and implementing innovative and proactive industry-leading practices.

We’ve organized our CIRT into six specialized teams which include the Accenture Security Operations Center (ASOC), Data Loss Prevention (DLP), Infrastructure, Threat Hunting, Monitoring, and Response & Investigations. (For more about security forensics and investigations, listen to this podcast with Paula Wlos, Americas and Europe investigations lead for our cyber incident response team.)

Innovative industry-leading practices

Crises will happen. An effective response is critical to managing cyber risk. Every organization wants to be one step ahead. To this end, our CIRT seeks to adopt innovative processes, technologies, and practices to stay ready to detect cyberattacks. Here are some innovations that I’d like to highlight:

Modern collaboration platform

We are moving our ASOC capabilities onto a modern, AI-enabled collaboration platform. This change is designed to enable us to use AI and LLMs to enhance communication, reporting, and efficiency, enable automation to augment our people, streamline collaboration across cases, and speed up response times.

AI-bolstered defense

As I’ve posted about previously, I’m super excited about the potential of AI and gen AI for fundamental change in the cybersecurity space. Accenture research findings from cyber-resilient CEOs indicate automated threat detection, cyberattack simulation scenarios, and manual security task augmentation as their key uses of gen AI for cyber defense.

Adoption of AI technologies will only continue to accelerate, and we are keenly following developments. To date, we’ve automated the generation of incident reports and are using AI to evaluate trends across incident responses, saving our security analysts tons of time and making them more efficient in understanding attacks.

Capture the Flag competition

Many organizations hold Capture the Flag competitions. One of our expert team members designed a recent such training exercise that consisted of 21 challenges, each a puzzle, that fit Accenture’s incident response scenarios. The goal was to find the “flag,” a piece of embedded code. Our people tried out new tools, techniques, and investigative methods to solve the challenges, and in the process, built their technical skills and knowledge … along with producing a winner.

TTP exercise

We regularly strengthen our defenses by understanding the latest tactics, techniques, and procedures (TTPs) threat actors use, then replicating these TTPs through software. Through this exercise, we simulate malware that we then create effective hunt rules around. This allows us to identify and reduce our exposure and risk to these tactics, especially since targets include widely used apps and crypto wallets.

Cyber crisis workshops

We conduct cyber incident response training workshops for Accenture’s senior leaders. This training builds off our incident response key learnings and best practices, helping non-security leaders prepare for, and in the case of an incident, manage their areas of responsibility.

Deepfake training

We launched deepfake training this year for all Accenture people and conduct social engineering deepfake testing. We also conducted a tabletop exercise for Accenture’s finance function.

Staying one step ahead

In addition to the core cyber incident response capabilities, organizations need to continuously assess and enhance their cyber resilience with innovative processes, technologies, and practices to rapidly detect, prevent, and eliminate cyber threats as quickly as possible. Doing so will help minimize damage to systems, data, finances, and brand reputation.

To enhance your organization’s cyber readiness, check out Accenture’s The Cyber-Resilient CEO. The research studied the cybersecurity practices of 1,000 CEOs of large organizations to better understand what it means to be a cyber-resilient leader. It identifies three issues that continue to challenge CEOs today and practical steps they can take to build resilience.

Ronnie Anderson

Cybersecurity Legal Counsel

1 month ago

Greatest team. Nicest people.

Arielle Zwang

Cybersecurity Janitor

1 month ago

Thanks for the share, Kris! I'd love to hear more about how Accenture might be working with their responders to reduce burnout, especially across a global team. This industry can be tough but building in some fun teambuilding and safe environments to grow sounds like a great start for other organizations to potentially adopt.

Michael McMillan

Owner, Founder, and CEO at CyberRiver | AI+ML | SaaS | Starting a non-profit for Myasthenia Gravis for my mom and others battling!

1 month ago

By capturing the power of the world's most advanced AI and ML Open-Source technologies and harnessing them to supercharge our CyberRiver XDR platform we are in control of the most up-to-date cybersecurity methods in existence and can KEEP UP WITH THE EVER-CHANGING THREAT LANDSCAPE OF CYBER SECURITY. Our user-interface displays the most important security information and Indicators of Attack in an easy-to-read format that optimizes machine and human collaboration.

Michael McMillan

Owner, Founder, and CEO at CyberRiver | AI+ML | SaaS | Starting a non-profit for Myasthenia Gravis for my mom and others battling!

1 month ago

Great read Kris Burkhardt! It's fantastic to read that you guys at Accenture are adopting new AI technologies as well as training large groups of security analysts paired with the threat hunting, incident response etc. cybersecurity experts to bring a combination of humans and machines to the forefront of cyber defense. My company CyberRiver is days away from launching our highly-anticipated XDR platform along with our MDR services/SOCaaS and CMMC Assessments for the Federal government sector so I am a huge advocate for human and machine operating together and yielding the best possible performance and protection. Our XDR platform at CyberRiver is incredible and words fail to describe its power that has been brilliantly forged for cyber defense. Since people reading this may not know, XDR uses AI and ML to detect cyber threats ACROSS THE ENTIRETY OF THE SECURITY LANDSCAPE; ANYWHERE AND EVERYWHERE A HACKER CAN ENTER!! THE AUTONOMOUS XDR SUPERCHARGED-MACHINE REACTS FASTER THAN A HUMAN CAN EVER MOVE, REMOVING THREATS BY DISABLING USER ACCESS, FORCING A RESET, QUARANTINING THE REGION AFFECTED AND MORE. CyberRiver's XDR platform also integrates essentially every single existing tool and category of cybersecurity into one platform.
