2024-03-18
Gartner Researchers: Organizations Need to Change Mindsets About Prevention and Recovery
In their keynote speech at the Gartner Security & Risk Management Summit in Sydney, Australia, Gartner researchers Chris Mixter and Dennis Xu said that it is not possible to completely prevent cybersecurity incidents; what is important, they said, is to develop robust recovery plans and rehearse them.
Editor's Note
There are two points being made here. The first is that you need to train and plan for an incident. Develop plans based on tolerable impact which would allow responses to be prioritized. The second is that you need to look out for the well-being of your responders. Staff more than one shift, monitor for stress and mental state, make sure they acknowledge work they have done, even taking credit for small incidents to show they are making a difference.
Lee Neely
Business continuity plans that are rehearsed and drilled have been identified as both essential and efficient for decades. They are the security measure of last resort; we invoke them when all else fails. The success of ransomware attacks demonstrates that many are not nearly as robust as they need to be. That said, prevention remains the most efficient part of one's strategy.
William Hugh Murray
You can’t talk about prevent and recovery without also including detection. It’s akin to having fire detectors installed. You can never, completely prevent a fire, but you do want to be able to detect one and be able to reduce the harm from it. And yes, you should regularly test the recovery plan. That’s why organizations regularly have fire alarm drills.
Curtis Dukes
Read more in
The Register: Infosec teams must be allowed to fail, argues Gartner