If there’s anything that has been proven in the past handful of years in information security, it’s that despite all of the talk and all of the spending on defensive technologies — from anti-malware to security event and information management systems - it's just not realistic any organization to be able to block all serious attacks.
No one would argue that preventing attacks isn’t ideal: but that’s just not the reality we face. The reality is that most organizations will be breached at some point. As a result, most organizations need to better prepare for how they will identify and respond to attacks as they are underway.
That thought certainly matches anecdotal evidence from the number of organizations that have been breached at the same time they were also compliant to government or industry security regulations, such as PCI DSS. Also, according to the 2013 Verizon Data Breach Investigation Report, 66 percent of breaches in the past year took at least months, if not years, to be identified. That 66 percent figure is up from 55 percent in 2011 and 41 percent in 2010.
As Dan Polly, IT security officer at First Financial Bank, said to me in my story from last year, Beyond breach prevention: The need for adequate response, there are steep hurdles defenders face when it comes to keeping systems secure. "It's interesting to look at malware over the last several years, and how very humbling it is when one considers the small amount of resources attackers must put into place to reach their objectives, against the rather sizable amount of resources defenders must have in place. It's an incredibly asymmetrical situation," Polly said at the time.
It’s still true this year, and will be true for many more years to come. It’s why the data security incident response market is set to boom. According to market research firm ABI research, the incident response market is expected to grow to an estimated $14.79 billion by 2017, up from $6 billion in 2012.
To continue reading this article register now