All of the recent news regarding data breaches at major retailers has raised a series of questions that speak to the urgency of finding solutions as emboldened bad actors increase the sophistication and frequency of their cyber-attacks. Not the least of these questions is whether enterprises, particularly those who handle millions of customer records, have the threat intelligence they need to quickly respond to and resolve the growing undermining of trust which is the foundation of e-commerce’s vitality.
The issue of readiness, including visibility and remediation capabilities are the subjects of a new study by Linden, UT-based incident resolution solutions provider AccessData and the Ponemon Institute, which conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices.
The report, Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations, sponsored by AccessData, surveyed 1,083 CISOs and security technicians in the United States and EMEA about how their company handles the immediate aftermath of a cyber-attack and what would help their teams more successfully detect and remediate these events. It sought information about: the use of threat intelligence to defend against cyber attacks; the current state of incident response; IT professiona;ls understand of the importance of getting to the root cause is critical to stopping future attacks; and, what is going on in the critical areas of mobility and e-discovery.
Lack of preparedness and tools is “startling”
The term “sobering” is one I have used way too often is the coverage of security reports. While it applies to the findings in this one, the use of the term “startling” by the authors may be more appropriate. A few facts from the survey illustrate why.
When a CEO and Board of Directors asks a security team for a briefing immediately following an incident:
Source: Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations
Some of the findings that highlight the lack of preparedness are almost jarring. For example:
In commenting on the findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute stated: “When a cyber-attack happens, immediate reaction is needed in the minutes that follow, not hours or days…It’s readily clear from the survey that IR processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies’ and clients’ time, resources and money are not lost in the immediate aftermath of the event.”
There obviously is a lot to digest regarding all of the above. However a pullout that deserves attention in the one about importing and utilizing threat intelligence to augment the capabilities of existing security products which would give CISOs enhanced abilities to be not just reactive but proactive in dealing with cyber attacks. The graphic below highlights this.
“Today, companies focus primarily on the protective aspect of their information security,” said Craig Carpenter, Chief Cybersecurity Strategist at AccessData. “While protection is obviously important, this research reinforces the critical need for organizations to invest in automated IR technology integrating security, forensics and eDiscovery solutions to facilitate not just incident response, but incident detection, investigation and resolution. CISOs are clearly saying their disparate tool sets are not keeping up with the threats they face. What they need is an incident resolution platform that doesn’t just integrate alerts from myriad point solutions, but makes intelligence actionable and automates significant portions of the IR process, allowing them to focus on the most pressing incidents.”
It may sound like a statement of the obvious, but CISOs are deeply aware (pardon the pun) that you can’t defend against what you don’t know. Visibility has always been important, but never more so than now. As the survey results show, unfortunately CISOs do not believe they have the visibility they need to discover and respond quickly to threats, or the skilled people required to turn what truly are actionable insights into enhanced protection. This is good news for cyber attackers and bad news for the rest of us.
The axiom that fore-warned is fore-armed resonates with CISOs. This report in that respect can be a valuable vehicle for CISOs to engage their management in discussions as to where advanced threat intelligence investments can have significant impact in risk mitigation. The headlines only amplify the sense of urgency in having that discussion.
It's no secret that Silicon Valley has a problem with diversity. Apart from being male-dominated, most of its workforce is white or Asian, with whites…
The lessons learned apply to any wireless-enabled device, including consumer smartphones, corporate-owned devices, Internet of Things (IoT), watches, …
Fresh seafood can taste great, but if it is not handled properly, people can get sick, and that can lead to business closures and lost revenues. That'…
With less than two months until the General Data Protection Regulations (GDPR) deadline, many companies have already started making sure that their bu…
The growth of Fintech probably has not escaped your attention. Whether you're a customer making contactless payments or an investor weighing up CFD tr…