Cybersecurity Trends: Incident Responses are Lax, Automation is Absent and Privacy is Paramount

Amzeal News/10311854
NEW YORK - April 13, 2019 - Amzeal -- Defending against potential cyber-attacks isn't just about prevention; it's also about having the resilience to respond and recover.

Put another way, companies who respond quickly and efficiently to contain a cyberattack can save thousands, even millions. But for all that, proper cybersecurity incident response plans remain lax. Why? Is it a skills gap? Is it missed opportunities to strengthen cyber resilience like automation?

In our lead story, most organizations surveyed are unprepared to properly respond to cybersecurity incidents. In fact, 77% of companies interviewed in a recent study sponsored by IBM said they don't have a cybersecurity incident response plan applied consistently across the enterprise.

Equally alarming, more than half do not test their cybersecurity incident plans regularly, which can leave them less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.

The difficulty cybersecurity teams are facing in implementing a cybersecurity incident response plan has impacted compliance with the General Data Protection Regulation (GDPR), says IBM's study. Nearly half of respondents say their organization has yet to realize full compliance.

"Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident," says IBM VP Ted Julian. "These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program... (with) proper planning companies (could) save millions during a breach."

Check out Today's Cloud Blast on YouTube (https://youtu.be/Odj57ba5QUY)

Hackers who target businesses and other organizations are constantly finding new ways to try and steal information. So why are companies constantly playing catch up? IBM's new study "The 2019 Cyber Resilient Organization" gives us some answers.

Here we see the industry's skills shortfall rearing its ugly head. Alarmingly, only 30% of respondents reported that staffing for cybersecurity is sufficient to achieve a high level of cyber resilience.

A lack of staffing is hindering our ability to properly manage resources and needs. Survey participants stated they lack the headcount to properly maintain and test their incident response plans and are facing 10-20 open seats on cybersecurity teams. In fact, only 30% of respondents reported that staffing for cybersecurity is sufficient to achieve a high level of cyber resilience. Furthermore, 75% of respondents rate their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high. Adding to the skills challenge, nearly half of respondents said their organization deploys too many separate security tools, ultimately increasing operational complexity and reducing visibility into overall security posture.

Modern cyberattacks have become heavily automated, and if organizations try to defend against these attacks manually, the fight becomes man versus machine, with highly unfavorable odds for the organization.

So it is a bit disheartening to see that less than one-quarter of the respondents to IBM's study say their organization significantly uses automation technologies, such as identity management and authentication, incident response platforms and security information and event management (SIEM) tools.

Protective monitoring is a maturing discipline within the cybersecurity portfolio, say experts. However, there are two problems with the current SIEM paradigm. First, it can take months to set up a SIEM solution properly, and it requires constant tuning to reduce false positives and allow your security operations center (SOC) team to adjust to changing business patterns.

There are obvious shortfalls in models that involve little more than spotting a problem and then telling someone about it. Clearly, this falls short of the five functions of the National Institute of Standards and Technology (NIST) Cybersecurity Framework — Identify, Protect, Detect, Respond and Recover.

Here was a red flag: 77% of IT pros who participated in the study reported their organizations only use automation moderately, insignificantly or not at all.

So now we have confirmation of what we would call a "security automation gap". We will spare you all the numbers, but organizations that make extensive use of automation rate their ability to prevent, detect, respond to and contain a cyberattack significantly higher than those in want of mechanization.

Like it or not, privacy and security have converged, thanks to the rise of big data and machine learning. We have to accept the fact that we live in a world where intruders are obsessively making a run at getting private information.

The fact that privacy impacts the bottom line has grabbed the attention of companies. Facebook lost a whopping $119 billion in market capitalization in the wake of the Cambridge Analytica scandal because of concerns over privacy.

And in fact, organizations are finally acknowledging that collaboration between privacy and cybersecurity teams can improve cyber resilience. 62% of respondents to IBM's recent Cyber Resilient Organization Study indicated that aligning privacy and cybersecurity teams is essential to achieving resilience.

Interestingly, privacy is now intermingled with compliance due to the emergence of new regulations like GDPR and the California Consumer Privacy Act, so companies are now finally prioritizing data protection when making IT buying decisions. In fact, 56% of respondents from this study said "information loss" or "theft" were the top factors in justifying cybersecurity spend.

"Consumers are demanding businesses do more to actively protect their data," say the study's researchers. "78% of (our) respondents say a company's ability to keep their data private is extremely important, and only 20% completely trust organizations they interact with to maintain the privacy of their data."

In addition, most respondents also reported having a privacy leader employed. 73% of IT pros interviewed said their organization employs a Chief Privacy Officer, further proving that data privacy has become a top priority in organizations.

CloudBlast is produced by RestonLogic, cloud wizards leveraging over 10 years' experience helping companies automate, transform and build highly secure and stable systems.

Source: RestonLogic
Filed Under: Technology
