The RMS Titanic provides a cautionary tale for information security professionals worldwide. The ship was deemed unsinkable, and its passengers and crew were not prepared to respond when the hull was breached by an iceberg. It was a tragedy that could have been avoided or minimized if an appropriate response plan had been in place. And, as is often the case when it comes to cyber security breaches, much of the blame for the insufficient response can be placed on human error – failure to heed warnings, poor emergency planning, and overconfidence in technology that ultimately failed when placed in a real crisis.
Organizations have long focused their cyber security posture around prevention – thwarting an attack before there is a network or data breach. But, with the sophistication and number of attacks increasing, more organizations are now concentrating on implementing response plans prior to a cyber breach. And just like the allegory above, the role of humans here is key. They need to know what to do after a breach has been identified and how to quickly mitigate the negative impact to the organization.
2018 saw an unprecedented volume of data breaches in both the public and private sectors. In some cases, these breaches had gone undetected for years, resulting in significant reputational and financial loss.
BAE Systems surveyed information security professionals to determine their organizations’ readiness and ability to recover from a data compromise.