The risk isn’t of “having a security incident” it's about handling it in a calm, collected, and methodological manner so a small incident doesn’t turn into a major one. Or worst case, a major one is identified and mitigated in minutes, as opposed to days. This sort of reinforces the “there is no real ROI” argument, as a motivated threat actor will not give up just because they were stopped once.
What proactive measures do you have in place now and would have like to have /implement as part of your go-forward strategy to reduce the overall impact and expense of an incident and the potential future ones?
How do you onboard and get buy-in for your ever-changing security requirement, and how do you calculate value?
- Do you want to spend this money capex on tools that you will need to hire extra staff to properly manage, and even then, you can only hope you get the desired goal, or you outsource the risk of failure to a 24-hour team of experts using purpose-built tools as an operational expense?
As the multitude of solutions on the market expands, investing wisely in people, processes, and technology is paramount. What combination of factors will ensure that you retain the control necessary to reduce business impact and gain visibility and control of attackers in the event of a breach?