Prepare for the Inevitable Security Incident

A serious security incident is a question of "when," not "if."

The 2014 cyber attack on Sony Pictures Entertainment was a game changer. It was a very public, aggressive attack aimed at disrupting the business itself, and it caused Sony significant system disruption.

“Such an outcome could have happened to many digital businesses and was a wake-up call for this type of attack,” says Rob McMillan, research director at Gartner. “Although the frequency of an attack on this scale is low, it showed how an aggressive cybersecurity attack can seriously impact business operations.”

Targeted attacks like this reach deeply into internal digital business operations, with the express purpose of causing widespread damage. Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the Internet by attackers.


“Your business must be prepared – an intrusion is inevitable for many organizations and preventative security measures will eventually fail,” says McMillan. “The question you must accept isn’t whether security incidents will occur, but rather how quickly they can be identified and resolved.”

This reality of the digital economy makes effective incident response — that is, reducing the risk of incidents and mitigating the damage they cause — a top concern for security and risk professionals.


Why you must prepare

While incident response is a regulated requirement for organizations in some industries, for any company the cost of preparation can be far exceeded by the hundreds of millions in damages and recovery expenses that follow an intrusion. Along with bad press, the aftermath is littered with ransom payouts, fines, lawsuits and, often, increased operational expenses incurred to address system failures.


Gartner predicts that 60% of enterprise information security budgets will be allocated to rapid detection and response approaches by 2020, up from less than 10% in 2014.

“As critical as it may be to protect the business from the fallout of an intrusion, effective incident response allows an organization to continue to pursue its objectives despite a disruption,” said Mr. McMillan.

Resilience is the by-product of mature incident response practices. Incident response is one of the core processes that any security leader must define, develop, implement and prioritize to protect the enterprise and demonstrate security’s value to the business.


Three integral steps should be considered:

1. Develop your incident response process

Advance preparation is crucial to effective incident response, but it’s also extremely difficult, especially in complex, distributed enterprises. Adequate preparation will ensure that:

  • You already know what the most critical assets are
  • You are able to detect that an incident has occurred or is occurring
  • A procedure is in place to resolve the incident and manage the consequences
  • The people involved know what their role will be

2. Prepare your people

You must be prepared to manage the totality of the impact, and not just the cause of it. A breach or intrusion reaches across an entire business, with partners, executives, remote business units and customers all affected.

The sudden transparency produced by an information leak requires an effective response capability that addresses the totality of the consequences across the organization, not just the consequences on IT. You must develop the right expertise to lead the organization’s response to a security incident.

3. Implement operational response

Security operations are evolving with greater recognition that traditional approaches of protecting the perimeter and investing in prevention capabilities are inadequate, in light of today’s persistent and advanced attacks.

The failure of traditional preventative techniques has had two important impacts:

  • Organizations are retooling their security architectures to improve their detection, response and, ultimately, their predictive capabilities.
  • Organizations now recognize that “incidents” are not just a point-in-time issue, but rather a continuous problem for IT to confront.

More information is available to Gartner clients in the report: “Prepare for the Inevitable With an Effective Security Incident Response Plan,” by Rob McMillan, et al.
