Mean Time To Respond (MTTR) is the average time required to return a system to operational condition after receiving notification of a failure or cyberattack. MTTR represents the security of devices and software products and can be used to assess the performance of a team of information security specialists. The Mean Time to Respond does not take into account the time when a problem was already in existence but unknown. That period is called the Mean Time to Detect (MTTD). Together, MTTR and MTTD make up the total duration of a cyber incident. The formula for MTTR is shown below:
What does this mean for an SMB?
SMBs should strive to have the lowest possible MTTR that is commercially reasonable to achieve for their business. The best way to accomplish this is to have strong cybersecurity measures in place including the following:
- Network Intrusion Detection and possibly Prevention with logging and alerting from a Security Incident Event Management (SIEM) solution in place
- A robust Incident Handling Process
- Network performance monitoring and alerting
- Application performance monitoring and alerting
The more visibility into your network and applications you have, such that you can record normal daily activities, the more likely you are to identify abnormalities and strange network activity quickly. This will help you lower your MTTB and take proactive actions to protect your network.
Additional Protections All SMBs should have in place
In order to stay secure and lower the chances of becoming a victim of an attack, your company needs to take proactive measures. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks:
- Adopt two-factor authentication on all critical Internet-accessible services
- Adopt a password manager for better personal/work password hygiene, to house unique 14+ character passwords for every account
- Require Governance Policies (WISP, Password, Acceptable Use, Information Handling, Incident Response, and VAMP)
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees on cybersecurity skills they need such as strong password hygiene and how to spot and avoid phishing attacks
- Test that employees can spot and avoid phishing emails by testing them
- Document and test Business Continuity Disaster Recovery (BCDR) plans
- Perform a risk assessment every two to three years
Start building your robust, defense-in-depth cybersecurity plan at CyberHoot.
To learn more about Incident Response Policies and Processes, watch this short video:
CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:
- Cybrary (Cyber Library)
- Press Releases
- Instructional Videos (HowTo) – very helpful for our SuperUsers!
Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.