In a survey of IT professionals in 30 countries by RSA, the security division of IT firm EMC, a third of respondents said their organization does not have a formal incident response plan for cyberbreaches and, of those that do, 57% infrequently or never review or update it.
Establishing the strongest threat intelligence and breach response program may require a reevaluation of how the business looks at its technology staff. It is critical that companies have a dedicated security operations staff, RSA advised, but many assume this function falls under the scope of a general IT team. That approach overlooks an important distinction.
“Cybersecurity and information security are related but distinct disciplines,” the report explained. “Both protect information systems, but the purview of cybersecurity extends beyond networks and systems to asset classes such as strategic infrastructure. Cybersecurity is also more proactive. There are other qualifications cybersecurity professionals must possess that are not required of traditional IT, including an understanding of business processes, the ability to gather, analyze and act on intelligence, and a deep understanding of the entire organization.”