Gartner Offer 3 Steps for Incident Response as Attacks Surge

Gartner has released a report that outlines how organisations can implement a successful cyber security incident response as attacks continue to surge.

Advisory firm Gartner has released a report arguing for three must-haves for cyber security incident response.

The report underscores the critical need for robust cybersecurity incident response strategies in the current climate of increased cyber attacks.

Borrowing statistics from reports by tech giants like IBM, which found that the average cost of a data breach reached an all-time high of US$4.45 million in 2023, a cost that has increased 15.3% since the 2020 report, Gartner presents cybersecurity incident response as a way to prepare.

Cybersecurity incident response is a critical process for organisations to effectively manage and mitigate the impact of security breaches or cyberattacks. It involves a structured approach with well-defined phases, including preparation, detection, containment, eradication, recovery, and lessons learned. 

Cybersecurity landscape


The report highlights the increasing frequency and severity of cybersecurity incidents. 

According to the Chainalysis 2024 Crypto Crime Report, ransomware payments reached an unprecedented US$1 billion in 2023, with ransomware accounting for 24% of all cybersecurity incidents. 

Despite these alarming statistics, the 2023 Thales Data Threat Report found that 51% of organisations worldwide still lack a ransomware incident response plan, even though 10% of organisations experienced attempted ransomware attacks in 2023.

Cybersecurity incident response

With the obvious impetus, Gartner has identified three essential components that organisations must incorporate into their cybersecurity incident response strategies:

Gartner's must-haves for cybersecurity incident response
  • 1. Build an incident response plan
  • 2. Develop detailed response playbooks
  • 3. Conduct regular tabletop exercises

1. Gartner emphasises the importance of having a comprehensive incident response plan that outlines the general procedures for addressing cybersecurity incidents. This plan should include incident severity tiers, escalation paths, and a detailed response process map. The incident response plan serves as a foundational document that guides the organisation's actions during an incident, ensuring a coordinated and efficient response.

2. Beyond a general incident response plan, Gartner recommends creating specific playbooks for common or high-impact incident types, such as ransomware. These playbooks provide detailed guidance and procedures tailored to specific scenarios, enabling organisations to respond more effectively to particular threats. The playbooks should cover all phases of incident response, including containment, analysis, remediation, and recovery.

3. To ensure that incident response plans and playbooks are effective, Gartner advises organisations to conduct regular tabletop exercises. These exercises simulate real-world scenarios and involve leadership and decision-makers across the organisation. By practising their response to various incident scenarios, organisations can identify gaps in their plans, improve coordination, and ensure that all stakeholders are prepared to act swiftly and effectively during an actual incident.

Importance of preparedness

Gartner's report underscores the critical importance of preparedness in the face of escalating cybersecurity threats. 

Cybersecurity incidents are no longer a matter of "if" but "when", with telecom company BT last year revealing that more than 46 million signals of potential cyberattacks are seen on average every day worldwide.

The consequences of inadequate preparation can be severe, impacting brand reputation, customer trust and, increasingly with the soaring amount of ransomware, financial stability.

By implementing the three must-haves identified by Gartner for an incident response plan, organisations can not only be prepared for an attack, but can more easily recover from one too. 

The crippling economic cost of business downtime and recovery can be avoided if companies can recover from secure, clean backups.

With Lloyds reporting US$3.5tn could be lost if a hack forced global payments to go offline for a number of days, the price of a successful cyber-attack is compounded the more unprepared businesses are to deal with the fallout.


Cyber Magazine is a BizClik brand
