Gartner predicts that 60% of enterprise information security budgets will be allocated to rapid detection and response approaches by 2020, up from less than 10% in 2014.
“As critical as it may be to protect the business from the fallout of an intrusion, effective incident response allows an organization to continue to pursue its objectives despite a disruption,” said Mr. McMillan.
Resilience is the by-product of mature incident response practices. Incident response is one of the core processes that any security leader must define, develop, implement and prioritize to protect the enterprise and demonstrate security's value to the business.
Three integral steps should be considered:
1. Develop your incident response process
Advance preparation is crucial to effective incident response, but it’s also extremely difficult, especially in complex, distributed enterprises. Adequate preparation will ensure that:
- You already know what the most critical assets are
- You are able to detect that an incident has occurred or is occurring
- A procedure is in place to resolve the incident and manage the consequences
- The people involved know what their role will be
2. Prepare your people
You must be prepared to manage the totality of the impact, not just its cause. A breach or intrusion reaches across the entire business; partners, executives, remote business units and customers are all affected.
The sudden exposure that follows an information leak demands a response capability that addresses the consequences across the whole organization, not just those for IT. You must develop the right expertise to lead the organization's response to a security incident.
3. Implement operational response
Security operations are evolving as organizations increasingly recognize that the traditional approach of protecting the perimeter and investing in prevention capabilities is inadequate against today's persistent and advanced attacks.
The failure of traditional preventive techniques has had two important impacts:
- Organizations are retooling their security architectures to improve their detection, response and, ultimately, their predictive capabilities.
- Organizations now recognize that "incidents" are not just a point-in-time issue, but rather a continuous problem for IT to confront.