The Dual-Factor Duel: SMS Text vs. the Microsoft Authenticator App
In my line of work, casually perusing documents like the SANS 2023 Security Awareness Report is par for the course. Such documents from the SANS Institute, CISA, Kaspersky, Palo Alto, and others use data carefully curated in clean, cool-colored charts to describe futuristic topics like “threat landscapes”, “zero trust”, “cyber security resilience”, and “human risk”. As I scrolled through this particular SANS’ report, it was the last of these topics that wove through each 14-point, sans-serif paragraph: human risk through phishing, human risk in weak passwords, and human risk in incident response.
Even the calm, collected SANS researchers had to admit surprise at the inclusion of incident response in the realm of human risk. This was alright; it meant that the companies studied were beginning to understand the importance of configuring technology to respond to cyber threats and configuring the human network to facilitate an energetic, resilient approach to incident response. But how can businesses use their employees best when planning for incident response?
The world of cyber security is constantly optimizing and updating its methods to keep pace with the evolution of information technology, quite often by creating better tools for cyber security professionals. However, what if those cyber security professionals similarly optimized the workforce's abilities whose information and livelihoods they are protecting? This is where the secret agent-style incident response comes in.
Inventing the Incident Response Wheel
Before we get there, however, what is incident response? For a quick refresher, you can look at Intrada’s previous article covering the basics of incident response planning. Both NIST and CISA have created documents to define and guide the implementation of incident response planning in the context of cyber security. These guides describe the structure of incident response as a cycle, not unlike most processes (though less vicious than most created by the government).