A global survey of 2,848 IT and cybersecurity professionals conducted by Ponemon Institute on behalf of IBM suggests many of them may be living in a world where their hopes and dreams exceed hard reality when it comes to their response to a cyberattack. The survey finds that nearly three-quarters (72 percent) said they feel their organizations are more cyber-resilient today than they were last year.
And yet, among other largely unaddressed issues, over three-quarters (77 percent) admitted their organizations don’t have a formal incident response plan that is consistently enforced across the organization, while more than half (57 percent) said the time it takes for them to resolve an incident has increased in the last year. Nevertheless, 54 percent rated their ability to respond to a cyberattack as high or very high. Top reasons cited for feeling better about resiliency include the hiring of new personnel (61 percent), improved governance policies (60 percent), and improved visibility into applications and data (57 percent).
To make matters even more interesting, only about one-third (31 percent) said funding for IT security is sufficient to achieve resilience, with 60 percent saying the No. 1 barrier to achieving resilience is a lack of funding. The second-biggest barrier cited was staffing, with only 29 percent reporting that, as far as cybersecurity personnel were concerned, they felt the organization is ideally staffed.
When it comes to cybersecurity resilience, progress may be in the eye of the beholder. Regardless of how organizations may feel about the progress being made, it’s clear not enough of them have tested that resiliency in a meaningful way, said Ted Julian, vice president of product management for IBM Resilient, supplier of an incident management platform IBM acquired in 2016. Organizations need to conduct incident response drills to create institutional muscle memory that can be relied on in the event of a major cybersecurity breach, he said.
The Ponemon survey shows most organizations have some form of an incident response plan. But Julian contended most of those plans reside in a dusty manual that no one has updated in years. That lack of planning results in every incident being far more disruptive to the overall organization than it needs to be, said Julian, adding that the overall financial impact of a cybersecurity incident also winds up being a lot lower when an incident response plan is routinely exercised.
A full 65 percent of the survey respondents said the severity of the cyberattacks being launched against their organization has increased in the last year. The good news is that 95 percent said that regardless of how they may feel about cybersecurity, their top priority for the coming year is performing risk assessments.
Because cybercriminals only need to be right once, it’s only a matter of time before every organization’s incident response plan is put to the test. In fact, Julian noted that as more organizations start to appreciate the scope of the General Data Protection Rule (GDPR) being put into place by the EU in May, incident response plans will soon be tested far more aggressively.
In terms of the technologies relied on most to thwart those attacks, the survey found that identity management and authentication (70 percent), antivirus/antimalware (59 percent), intrusion prevention systems (55 percent), incident response platforms (53 percent), network surveillance tools (52 percent) and encryption of data at rest (52 percent) are deemed to be the most effective.
The survey also suggests senior managers inside these organizations are well aware of the value of cyber-resilience to the enterprise. But it’s apparent there’s a significant gap between what appears to be a lot of wishful thinking and hard cybersecurity reality.