How Enterprises Are Responding to the Incident Response Challenge


Many organizations bolstered their incident response capabilities last year to address a wide and growing range of security threats to their IT environments. The efforts drove an increase in the number of organizations that have an established security operations center, dedicated security staff, and a full-fledged, dedicated incident response team to address a continuing increase in reported security incidents.

In recent years, many organizations have been revamping their incident response (IR) capabilities to better address new threats and vulnerabilities resulting from a variety of factors, including the rapid adoption of cloud computing, the Internet of Things (IoT), and software-as-a-service (SaaS). These efforts continued unabated last year.

Dark Reading’s 2023 State of Incident Response survey showed more organizations reporting more security incidents last year than in our previous two surveys. Though phishing continued to be the most common security threat, security teams contended with a wide range of other security incidents, including system outages, vulnerability exploits, incessant logon efforts, and attempts to steal IP and other data.

Large organizations experienced substantially more of these security incidents in 2022 than small and midsize businesses (SMBs). Yet they appeared to be better resourced and better equipped to address these incidents than SMBs. A greater proportion of large organizations had a dedicated incident response team — and more staffers on these teams — than did SMBs. More large companies also had a security operations center (SOC) and a dedicated computer security incident response team (CSIRT) that either reported to or functioned independently from the SOC.

Despite these differences, broad similarities occurred across organizations, regardless of size, in how security teams most frequently detected incidents and in what they perceived as the greatest potential threats to their applications and data. Additionally, notable similarities appeared in what security teams consider the most challenging incident response tasks and processes. The top among these were end-user training, incident scoping, patching and vulnerability remediation, and log analysis. A significantly larger percentage of respondents than in our last survey reported that these tasks were their biggest challenges in building an effective incident response capability.

Dark Reading’s survey showed what appears to be the substantial adoption of recommended practices, such as threat modeling, the use of playbooks, and partnering with others on incident response. Somewhat paradoxically, though — and despite all the rhetoric about focusing on response and not just prevention — two-thirds of the organizations in Dark Reading’s survey reported that it’s best to devote 70% or more of their resources to prevention and 30% or less to incident response.


Offered Free by: Dark Reading