
IBM report: Security response improving - containing attacks, not so much

Organisations have improved their detection of and response to cybersecurity incidents over the last five years, yet their ability to contain an attack has dropped by 13% over the same period, according to new data from IBM Security.

It’s indicative of a space in which 74% of organisations report having either ad-hoc, inconsistently applied, or non-existent security plans, despite generally improving responses to attacks.

The survey, conducted by the Ponemon Institute, gleaned insights from over 3,400 global security and IT professionals and discovered several different contributing factors leading to lapses in security response efforts, including the use of too many security tools and a lack of planning.

The latter factor was crucial for many organisations, says IBM Security, with companies that have incident response teams spending $1.2 million less on data breaches than those without.

“While more organisations are taking incident response planning seriously, preparing for cyber-attacks isn’t a one and done activity,” says IBM X-Force Threat Intelligence vice president Wendi Whitmore. 

“Organisations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.” 

The IBM report outlines three specific factors affecting the overall security response for organisations: having an updated playbook for threats, complexity or quantity of security tools used, and presence of an effective plan.

Updating playbooks for emerging threats

Even amongst the organisations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks for specific attack types.

Different kinds of cyber-attacks call for different kinds of response strategies, and instituting playbooks can provide predictability and consistency to action plans, especially for an organisation’s most common attacks.

Of those with concrete security response plans, 52% admit never having reviewed them. IBM says that the increasing proficiency and sophistication of attacks should prompt organisations guilty of this to review their potentially outdated response plans.

More tools led to worse response capabilities

Respondents reported using, on average, around 45 different security tools, with each separate security incident requiring coordination between 19 tools on average.

This excess of solutions does not result in better security – in fact, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10). 

IBM says the adoption of complexity-reducing automation tools can help solve this problem – 63% of high-performing organisations surveyed said the use of interoperable tools helped them improve their response to cyber-attacks.

Better planning pays off

39% of respondents who have a CSIRP experienced an incident that resulted in significant disruption, compared to 62% of respondents without such a plan.

Technology also plays a large part in cyber resilience. Organisations with higher levels of resilience cited visibility into applications and data (57%) and automation tools (55%) as the top two factors for improving resilience.

Overall, the data suggests that surveyed organisations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.
