Prepare for the Inevitable Security Incident
A serious security incident is a question of “when,” not “if.”
The 2014 cyber attack on Sony Pictures Entertainment was a game changer. It was a very public example of an aggressive business disruption attack, one that caused significant and prolonged disruption to Sony's systems.
“Such an outcome could have happened to many digital businesses and was a wake-up call for this type of attack,” said Rob McMillan, research director at Gartner. “Although the frequency of an attack on this scale is low, it showed how an aggressive cybersecurity attack can seriously impact business operations.”
Targeted attacks like this reach deeply into internal digital business operations, with the express purpose of causing widespread damage. Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the Internet by attackers.
“Your business must be prepared – an intrusion is inevitable for many organizations and preventative security measures will eventually fail,” said Mr. McMillan. “The question you must accept isn’t whether security incidents will occur, but rather how quickly they can be identified and resolved.”
This reality of the digital economy makes effective incident response — that is, reducing the risk of incidents and mitigating the damage they cause — a top concern for security and risk professionals.
Why you must prepare
While incident response is a regulated requirement for organizations in some industries, the costs of preparation for any company can be surpassed by the hundreds of millions in damages and recovery expenses that follow an intrusion. Along with bad press, the aftermath is littered with ransom payouts, fines, lawsuits and often increased operational expenses used to address system failures.
Gartner predicts that 60% of enterprise information security budgets will be allocated to rapid detection and response approaches by 2020, up from less than 10% in 2014.
“As critical as it may be to protect the business from the fallout of an intrusion, effective incident response allows an organization to continue to pursue its objectives despite a disruption,” said Mr. McMillan.
Resilience is the by-product of mature incident response practices. Incident response is one of the core processes that any security leader must define, develop, implement and prioritize to protect the enterprise and demonstrate security’s value to the business.
Following are three integral steps that should be considered:
1. Develop your incident response process
Advance preparation is crucial to effective incident response, but it’s also extremely difficult, especially in complex, distributed enterprises. Adequate preparation will ensure that:
- You already know what the most critical assets are
- You are able to detect that an incident has occurred or is occurring
- A procedure is in place to resolve the incident and manage the consequences
- The people involved know what their role will be
2. Prepare your people
You must be prepared to manage the totality of the impact, and not just the cause of it. A breach or intrusion reaches across an entire business, with partners, executives, remote business units and customers all affected.
The sudden transparency produced by an information leak requires an effective response capability that addresses the totality of the consequences across the organization, not just the consequences on IT. You must develop the right expertise to lead the organization’s response to a security incident.
3. Implement operational response
Security operations are evolving with greater recognition that traditional approaches of protecting the perimeter and investing in prevention capabilities are inadequate, in light of today’s persistent and advanced attacks.
The failure of traditional preventative techniques has had two important impacts:
- Organizations are retooling their security architectures to improve their detection, response and, ultimately, their predictive capabilities.
- Organizations now recognize that “incidents” are not just a point-in-time issue, but rather a continuous problem for IT to confront.
More information is available to Gartner clients in the report: “Prepare for the Inevitable With an Effective Security Incident Response Plan.”
Gartner Security & Risk Management Summits
Gartner analysts will provide additional analysis on security trends at the Gartner Security & Risk Management Summits taking place in 2017 in National Harbor, Maryland, Tokyo, Japan, Sao Paulo, Brazil, Sydney, Australia and London, U.K. You can follow news and updates from the events on Twitter using #GartnerSEC.