Security leaders are right to be concerned about cyberthreats, but identifying breaches is easier said than done. Just because something is abnormal doesn’t mean the system is breached, and sometimes the system is breached well before anything abnormal happens. When the time comes to take action, many teams are unable to even diagnose the problem.
A true security incident could negatively impact information security objectives. So when something in the system triggers an alert or looks unusual, security teams need to have a protocol in place to diagnose, act on, and neutralize the issue. In fact, an effective incident response plan can be the difference between an easily fixed vulnerability and a catastrophic security breach.
Read the full article on readwrite