Incident Response Is the Weakest Link in the Threat-Handling Chain, Study Shows

Faced with a growing army of cyber criminals constantly after their data, businesses are investing heavily in new technology and professionals to close the cybersecurity gap. While this sounds promising, most organizations are making very slow progress towards cyber resilience.

In research for Illusive Networks, Ponemon Institute surveyed 627 IT and IT security practitioners in the United States to understand how well businesses are addressing cyber risks – specifically, insider threats – and the steps they are taking to make cyber-ends meet.

Several interesting findings transpire from the report, including that incident response is quite the weak link in mitigating cyber risk. And more than one data point suggests that this is an epidemic among US businesses. For example, only about half of respondents say upper management respects IT security leaders. Only 37 percent say the security team has the support it needs from business teams to design and execute business-oriented threat detection and incident response capabilities.

Most organizations rely on outside expertise to compensate for their weaknesses in incident response. 52% use service providers for analysis and incident response, and only 21% of organizations are “going it alone,” the report states.

Organizations are more confident in their ability to handle attacks by external actors than internal attacks or negligence by their own staff. This finding also somewhat correlates to a skill gap. The study shows only 34% of respondents have security personnel with skills needed to identify and resolve malicious insiders.

“Incident response may be the weakest link in the risk mitigation chain. Gaps on the incident response side may explain why more than half (52 percent) of respondents’ companies use service providers for analysis and incident response,” researchers said.

Incident response is also where communication and alignment between security and business functions falls apart in some cases. When a crisis calls for executive action, less than a third of respondents agree that they have well-defined criteria for when to involve business leaders in a security incident.

Incident response suffers from process and technology gaps. However, the biggest inhibitor to incident response is the skill gap, with 59% of respondents indicating a shortage of skilled personnel inhibits better cyberattack response.

Corroborating these findings, the third annual global study from ESG and ISSA found that the cybersecurity skills shortage impacts 74 percent of organizations worldwide. The most acute skills shortages recorded this year were in cloud security (33 percent), followed by application security (32 percent) and security analysis & investigations (30 percent).

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Filip Truta. Read the original post at: