A security breach is not a failure and, with Forrester Research predicting that in 2015 “at least 60 percent of organizations will suffer a security breach₁”, not all that uncommon. As victims of a breach, CISOs and security & risk professionals need to respond quickly to minimize its impact. The best way to ensure an appropriate response is to have a plan in place well before a breach occurs. That way, you aren’t making decisions while your brain is in crisis mode, and you are less likely to overlook critical areas of your response. However, incident response planning is the most overlooked area of security!
Why is this? Enterprises spend (rightly) so much time, effort and money working to prevent a breach, they fool themselves into thinking that they can’t be breached. But we all know this isn’t true. Most enterprises that suffer a breach were not negligent in their security activities. In fact, some have robust security programs. That is why it is important not to spend time shaming a company that suffers a breach. Instead, we should be sharing information so that enterprises can learn from these incidents.
After a CISO has done everything possible to prevent a breach, he or she needs to pull together a comprehensive and strategic plan for minimizing the impact of any breaches that do occur. This not only benefits the company, but it also positions the CISO as a strategic thinker who wants all the bases covered. Strategic CISOs know that a poorly managed breach response can cost an enterprise millions in lost business, opportunities and fines. So, developing a comprehensive response plan will demonstrate their ability to think through scenarios. It also demonstrates the ability to think beyond the technologies needed to reduce enterprise risk.
Forrester Research analyst Heidi Shey offers guidance on creating a breach response plan that will help an enterprise respond quickly and appropriately to minimize damage. You can register to hear Heidi’s viewpoint during a live webinar here: https://info.veracode.com/webinar-forrester-planning-for-failure.html