The annual Scalar Security Study, published in February 2019 and conducted by IDC Canada, identified a new normal across the threat landscape: cybersecurity incidents, be it exfiltration, infiltration or denial of service, occur on a regular basis. Focused on small, midsize and large organizations in Canada, the study confirms that intrusions are inevitable and moreover that a majority of organizations experience successful attacks.
To address this, the focus of the Canadian organizations’ cybersecurity efforts is shifting from an emphasis on protection against attacks to improving the detection of malicious actors on the network and responding to and recovering from incidents as quickly as possible.
According to the report, organizations need to become cyber resilient, meaning that they should emphasize on the importance of business continuity and the need to return to normal operations and a trusted state after an incident has occurred.
- One key finding of the report is that the cost of compromise is at an all-time high. Although the average number of attacks per organization per year has declined (from 455 to 440 per organization), the average cost per organization of responding to and recovering from cybersecurity incidents has increased significantly (from $3.7 million to between $4.8 million – $5.8 million).
The major reason behind this increase is the fact that detection and response times are too slow. This is due to deficiencies in planning for cybersecurity incident response and recovery back to trusted state. These deficiencies also result in unrealistic expectations for the time required to recover. Interestingly, even compliance with the basic cyber resilience practices has a positive impact on recovery time.
- Another key finding is that the attack surface of the Canadian organizations is expanding exponentially because of remote access to corporate networks. This creates new opportunities for malicious (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/takeaways-scalar-security-study/