It comes as no surprise that the increasing complexity of a businesses' systems is often at the heart of it's inability to detect and respond to security incidents. This creates a sort of cyber security vicious circle, spawning even more elaborate systems and processes in an attempt to address the problem. 

What's perhaps more concerning is that these Ponemon findings will almost certainly relate to larger enterprises, which whilst inherently more complex, should be the ones best equipped in terms of resource and technology to take on the challenge. So if there's a problem at the top of the food chain, where does that leave everyone else? 

It would seem that whilst many can 'talk the talk' far fewer 'walk the walk' when it actually comes in incident response. So with that in mind maybe it is time to take a step back and look at how things could be simplified, after all if we don't do it now, things will only get worse. 

It strikes me that incident response is something that doesn't need to be unduly complex. We simply assume that the chances are something will happen and that we have a drill in place to act appropriately when it does. 

Fire is arguably one of the best analogies when it comes to this sort of thing. The concept of smoke alarms & fire extinguishers, fire drills and the fire brigade needs no explanation.  A combination of technology, training and access to those best qualified to deal with the situation. We do all we can to prevent fires breaking out in the first place, however they can and do start. It is certainly something that most hope they never experience, however we all understand the consequences of getting it wrong on the one occasion that we do. 

The ironic thing is that where cyber security is concerned, whilst we acknowledge a breach is a near certainty, we still harbour the believe that if we work hard enough we can overcome this inevitability. Whilst it pays to make yourself a less attractive target than those around you, there comes a point when knowing about an incident and reacting to it, is better than hoping and then missing one when it actually does!  

The Canary is one example of a simple solution that ticks a whole load of the boxes that are probably at the heart of why businesses aren't prepared to recover from a cyber attack as outlined in the Ponemon report. 

1) it is a simple concept, probably the easiest you will ever encounter, especially when trying to explain what it does to C Level execs who are not immersed in cyber security technology. After all why should they be?  

2) It doesn't profess to be a "silver bullet", it does as they say, 'do what it says on the can'. Bad guys can and do get into a network and some might already be on the inside. Accept it! So what we need to do is find out when they are sniffing around our prized data assets.

3) It doesn't make a lot of noise! If it doesn't 'chirp', there is nothing to report. No false positives, nothing that needs to be reviewed or analysed on an ongoing basis. Which is good because you can then focus on other stuff that matters. 

4) It is easy to set up and deploy. No fine tuning. Decide where you want your Canary to go, plug it in, make it look like something else on your network that would be attractive to an attacker and away you go!  

5) Get Foregenix to manage your incident response. We do this sort of thing all the time, most businesses don't. Which is at the heart of why many  are simply not prepared when something actually happens. Being led by those who are skilled in IR ensures that an incident is dealt with efficiently and professionally. This really is something that is best not learnt on the job!  

I would contend that we should put IR at the top of the agenda and work back. As things stand it is almost considered as an admission of failure and as such something of a last resort. However since our defences will always be fallible, IR should remain the one constant that should never be over looked.

Canary can revolutionise aspects of IR and could just represent that 'one small step' for the cyber security industry, by being disruptive through its sheer simplicity ? After all it was recently described as 'what Apple would make if they were in the cyber security business'.