Organizations hit by cyber- attacks often lack an effective incident response plan. Why are so many unprepared?
Investigators called in after organizations are hit by cyber- attacks have said in many cases there is no effective incident response plan. But why are so many failing to prepare for the inevitable?
The most basic problem is people at many organizations still do not consider cyber- attacks as inevitable, because they either believe their defenses are good enough or they don't think they will be targeted.
European sales director for Guidance Software Ken Yearwood said European organizations think because relatively fewer data breaches are reported in the continent, it's less of an issue than it is in the US.
Firms in the US are already required by law to report breaches of personal data, creating the false impression such attacks are relatively rare in Europe.
"European firms should learn from US breaches and assume the same kind of attacks are being used elsewhere in the world and could soon be used against them," said Yearwood.
The next problem is organizations do not understand the true value of effective incident response plans in reducing the scope of an attack by identifying its source and shutting it down quickly.