Ransomware, business email compromise, and other attacks are increasingly evading cybersecurity defenses, causing IT and cybersecurity teams to further invest in incident response (IR) readiness. As such, incident response can no longer be viewed as an event-driven action but must be operationalized and become a core strategy within security operations. As security and line-of-business teams react to this new reality, new incident response strategies are needed for most.
Few have the internal resources and capacity to handle this key function on their own, requiring many to leverage a service-based approach. While managed security service providers and managed detection and response service providers have become commonplace, a deeper partnership is needed to enable real-time IR services capable of mitigating damage from successful attacks. Cybersecurity leaders need to better understand the differentiation of IR services as a standalone offering versus those included in a broader set of service offerings to make more informed decisions.
To gain further insight into these trends, TechTarget’s Enterprise Strategy Group surveyed 339 IT and cybersecurity professionals at organizations in North America (US and Canada) involved with incident response technologies and processes.