Gartner Offer 3 Steps for Incident Response as Attacks Surge

Gartner have released a report that outlines how organisations can implement a successful cyber security incident response as attacks continue to surge.

Advisory firm Gartner have released a report arguing for three must-haves for cyber security incident response.

The report underscores the critical need for robust cybersecurity incident response strategies in the current climate of increased cyber attacks.

Borrowing statistics from reports by tech giants like IBM, which highlighted that the average cost of a data breach reached an all-time high of US$4.45 million in 2023, a cost that has increased 15.3% since the 2020 report, Gartner presents cybersecurity incident response as a way to prepare.

Cybersecurity incident response is a critical process for organisations to effectively manage and mitigate the impact of security breaches or cyberattacks. It involves a structured approach with well-defined phases, including preparation, detection, containment, eradication, recovery, and lessons learned. 

Cybersecurity landscape


The report highlights the increasing frequency and severity of cybersecurity incidents. 

According to the Chainalysis 2024 Crypto Crime Report, ransomware payments reached an unprecedented US$1 billion in 2023, with ransomware accounting for 24% of all cybersecurity incidents. 

Despite these alarming statistics, the 2023 Thales Data Threat Report found that 51% of organisations worldwide still lack a ransomware incident response plan, even though 10% of organisations experienced attempted ransomware attacks in 2023.

Cybersecurity incident response

Given this obvious impetus, Gartner has identified three essential components that organisations must incorporate into their cybersecurity incident response strategies:

Gartner's must-haves for cybersecurity incident response
  1. Build an incident response plan
  2. Develop detailed response playbooks
  3. Conduct regular tabletop exercises

1. Gartner emphasises the importance of having a comprehensive incident response plan that outlines the general procedures for addressing cybersecurity incidents. This plan should include incident severity tiers, escalation paths, and a detailed response process map. The incident response plan serves as a foundational document that guides the organisation's actions during an incident, ensuring a coordinated and efficient response.

2. Beyond a general incident response plan, Gartner recommends creating specific playbooks for common or high-impact incident types, such as ransomware. These playbooks provide detailed guidance and procedures tailored to specific scenarios, enabling organisations to respond more effectively to particular threats. The playbooks should cover all phases of incident response, including containment, analysis, remediation, and recovery.

3. To ensure that incident response plans and playbooks are effective, Gartner advises organisations to conduct regular tabletop exercises. These exercises simulate real-world scenarios and involve leadership and decision-makers across the organisation. By practising their response to various incident scenarios, organisations can identify gaps in their plans, improve coordination, and ensure that all stakeholders are prepared to act swiftly and effectively during an actual incident.

Importance of preparedness

Gartner's report underscores the critical importance of preparedness in the face of escalating cybersecurity threats. 

Cybersecurity incidents are no longer a matter of "if" but "when", with telecom company BT last year revealing that more than 46 million signals of potential cyberattacks are seen on average every day worldwide.

The consequences of inadequate preparation can be severe, impacting brand reputation, customer trust and, increasingly with the soaring amount of ransomware, financial stability.

By implementing the three must-haves identified by Gartner for an incident response plan, organisations can not only be prepared for an attack, but can more easily recover from one too. 

The crippling economic cost of business downtime and recovery can be avoided if companies can recover from secure, clean backups.

With Lloyds reporting US$3.5tn could be lost if a hack forced global payments to go offline for a number of days, the price of a successful cyber-attack is compounded the more businesses are unprepared to deal with the fallout.


Cyber Magazine is a BizClik brand
