For modern organizations, cyberattacks are simply unavoidable. There is no hiding from this fact. And if attacks are unavoidable, then the key to effective protection is speed and accuracy.
You need to react quickly when you are attacked in order to:
- Detect an incident as soon as possible
- Investigate it thoroughly and discover everything that you need to tackle it
- Contain it before it breaks out and causes significant damage
Organizations may believe in the critical importance of speed but be unsure of how that translates into metrics. The 1-10-60 rule provides useful guidelines: one minute to detect, 10 minutes to investigate and 60 minutes to contain and remediate. Organizations that strive to adhere to this rule are better prepared to defend against threats and successfully remediate cybersecurity incidents when they occur.
This raises the question: How far away from this ideal standard are organizations? This report explores the state of organizations’ cybersecurity detection and containment capabilities, as well as their ability to understand the attackers themselves. Are they detecting threats fast enough? Do they know what is putting them at risk? Can they contain a threat before attackers reach their objectives?
And the biggest question: What happens to organizations that cannot detect, investigate and contain a threat fast enough?