Fatal half-measures in incident response

It's not a matter of if, but when, you are breached. So what's your plan?


Roughly $60 billion is expected to be invested in IT security products and services this year, according to the market research firm Gartner. That's up from $55 billion last year, with growth expected through at least 2016, when security spending is anticipated to hit a staggering $86 billion annually.

That's no small sum, and it raises the question of whether organizations are getting value for their money. With more than 560 million records exposed in 3,438 data breaches since 2005 (according to the Privacy Rights Clearinghouse), the only honest answer is something along the lines of "not very well."


According to our tenth annual Global Information Security Survey (GISS), conducted by PricewaterhouseCoopers, many of the 12,052 business and technology executives surveyed reported that their organizations fell victim to a wide range of breaches, including data exfiltration, mobile attacks, application breaches, network breaches, successful social engineering attacks, and lost or stolen removable storage devices. "One of the things I try to convince clients of is that while they may not be able to prevent certain breaches, they can certainly learn to respond to breaches more proactively," says Dave Shackleford, senior VP of research and CTO at IANS.

With roughly 70 percent of respondents to our survey admitting to having been breached in the previous 12 months, it's amazing that so few companies heed Shackleford's advice. Only 27.2 percent of respondents have an incident response process for reporting breaches to, and handling them with, the third parties that handle their data. Incident response plans are rarely in place, and where they are, key personnel are often unaware of them. Shockingly, only 23.8 percent of respondents have an incident response plan in place as part of their larger security policy.
