#incident-response

#incident-response

The National Institute of Standards and Technology (NIST) recently released NIST IR 8596, the Initial Preliminary Draft of the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile). The document establishes a structured approach for managing cybersecurity risk related to AI systems and the use of AI in cyber defense, organised around three focus areas: Securing AI System Components (Secure), Conducting AI-Enabled Cyber Defense (Defend), and Thwarting AI-Enabled Cyber Attacks (Thwart).

In organizations with mature processes, this demonstrably leads to a 30 to 50 percent reduction in mean time to respond. This is not an optimization, but a necessary adjustment. The question is no longer whether AI agents will be deployed, but how far their autonomy extends. Security teams must explicitly determine which decisions can be automated and where human oversight remains mandatory. If these frameworks are lacking, the risks only increase.

Manage My Health, a portal enabling connection between individuals and their healthcare providers, experienced a cyberattack identified on Dec. 30. The New Zealand-based organization published a statement to its website the following day, and as of Jan. 5, has continued to post subsequent updates as information has come available. Following the forensic investigations, the organization believes around 7% of 1.8 million registered patients may have been impacted.

Robust IT systems support uninterrupted operations through resilience, security, and proactive monitoring. CIOs report that 87% of digital-first businesses rely on automated failover systems to reduce service disruption. Continuous monitoring helps detect failures before they impact users. Recovery plans activate system redundancies and restore functions with minimal input. Automated backup schedules and patch management prevent gaps in continuity. IT managers emphasise the role of configuration management and centralised monitoring tools.

"A company's reputation is its most valuable asset, and protecting it requires foresight, discipline, and transparency."

On-call engineers spend hours manually investigating incidents across multiple observability tools, logs, and monitoring systems. This process delays incident resolution and impacts business operations, especially when teams need to correlate data across different monitoring platforms. AWS DevOps Agent (in preview) is a frontier agent that resolves and proactively prevents incidents, continuously improving reliability and performance of applications in AWS, multicloud, and hybrid environments.

It's really important to go back to just the cybersecurity basics. Are you using multi-factor authentication? Are you training your staff and employees at all levels to not click that link? Are you patching your systems? Do you have good monitoring software and applications that are monitoring your network even when you're sleeping?

"The worst feeling in the world is to be in the middle of an incident and realize that it would be a great thing that you could do to resolve that incident, if only a tool had been built before, right? So it'd be great if you figure that out before you get into that incident, and then you have the tool ready to go. "

Ribbon supplies software, IP, and optical networking systems to telecoms service providers, businesses, and critical infrastructure organizations including BT, Verizon, CenturyLink, Deutsche Telekom, and Tata, as well as public-sector bodies such as the US Defense Department and the City of Los Angeles. In a with the US Securities and Exchange Commission (SEC), the company has revealed that "unauthorized persons, reportedly associated with a nation-state actor" had gained access to its network in December 2024.

Regulations such as the General Data Protection Regulation (GDPR) and the Australian Prudential Regulation Authority's (Apra's) CPS 230 standard have led organisations to become "really obsessed" with the 72-hour notification window following a data breach, according to Shannon Murphy, global security and risk strategist at Trend Micro.

Following last week's announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord.

The truth is, these teams are working on the same event. They're just seeing it from different angles. If they aren't connected, response becomes fragmented and valuable time gets lost. Connecting the Dots in Real Time This is where a unified approach to critical event management makes a real difference. It's not about layering on more tools. It's about connecting the ones already in place and giving people a shared view and a clear process when something goes wrong.

"The preliminary investigation is ongoing, and we are assessing the scope of any concerns and any necessary required remediation," the spokesperson added. "We are in the process of evaluating technical remediation solutions and will act as appropriate. Compliance with the Privacy Act and identifying a solution for this technical problem is critical to the DAF to ensure warfighter readiness and lethality."

When an incident occurs, every second counts. Whether it's a security breach, theft, or an unauthorized access attempt, physical security teams must act quickly to determine what happened, who was involved, and what actions to take next. Digging through hours of footage, manually piecing together evidence, and cross-referencing logs can be slow and cumbersome. But with a modern video management system ( VMS), security teams can streamline investigations, improve response times, and uncover critical insights faster - "supercharging" their investigations.

A new survey confirms what many IT pros already know: downtime doesn't exist, with dashboards and alerts intruding on their free time. More than half of the 616 IT professionals surveyed (52 percent) said they checked dashboards during nights, weekends, or vacations, with 59 percent saying past outages had left them more obsessive about making sure that everything is working. A third of IT pros said they felt compelled to check in at least once an hour.

In complex systems, failure isn't a possibility - it's a certainty. Whether it's transactions vanishing downstream, a binary storage outage grinding builds to a halt, or a vendor misstep cascading into a platform issue, we have all likely seen firsthand how incidents unfold across a wide range of technical landscapes. Often, the immediate, apparent cause points to an obvious suspect like a surge in user activity or a seemingly overloaded component, only for deeper, blameless analysis to reveal a subtle, underlying systemic flaw that was the true trigger.