All of the recent news regarding data breaches at major retailers has raised a series of questions that speak to the urgency of finding solutions as emboldened bad actors increase the sophistication and frequency of their cyber-attacks. Not the least of these questions is whether enterprises, particularly those who handle millions of customer records, have the threat intelligence they need to quickly respond to and resolve the growing undermining of trust which is the foundation of e-commerce’s vitality.
The issue of readiness, including visibility and remediation capabilities are the subjects of a new study by Linden, UT-based incident resolution solutions provider AccessData and the Ponemon Institute, which conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices.
The report, Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations, sponsored by AccessData, surveyed 1,083 CISOs and security technicians in the United States and EMEA about how their company handles the immediate aftermath of a cyber-attack and what would help their teams more successfully detect and remediate these events. It sought information about: the use of threat intelligence to defend against cyber attacks; the current state of incident response; IT professiona;ls understand of the importance of getting to the root cause is critical to stopping future attacks; and, what is going on in the critical areas of mobility and e-discovery.
Lack of preparedness and tools is “startling”
The term “sobering” is one I have used way too often is the coverage of security reports. While it applies to the findings in this one, the use of the term “startling” by the authors may be more appropriate. A few facts from the survey illustrate why.
When a CEO and Board of Directors asks a security team for a briefing immediately following an incident:
Source: Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations
Some of the findings that highlight the lack of preparedness are almost jarring. For example:
In commenting on the findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute stated: “When a cyber-attack happens, immediate reaction is needed in the minutes that follow, not hours or days…It’s readily clear from the survey that IR processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies’ and clients’ time, resources and money are not lost in the immediate aftermath of the event.”
There obviously is a lot to digest regarding all of the above. However a pullout that deserves attention in the one about importing and utilizing threat intelligence to augment the capabilities of existing security products which would give CISOs enhanced abilities to be not just reactive but proactive in dealing with cyber attacks. The graphic below highlights this.
“Today, companies focus primarily on the protective aspect of their information security,” said Craig Carpenter, Chief Cybersecurity Strategist at AccessData. “While protection is obviously important, this research reinforces the critical need for organizations to invest in automated IR technology integrating security, forensics and eDiscovery solutions to facilitate not just incident response, but incident detection, investigation and resolution. CISOs are clearly saying their disparate tool sets are not keeping up with the threats they face. What they need is an incident resolution platform that doesn’t just integrate alerts from myriad point solutions, but makes intelligence actionable and automates significant portions of the IR process, allowing them to focus on the most pressing incidents.”
It may sound like a statement of the obvious, but CISOs are deeply aware (pardon the pun) that you can’t defend against what you don’t know. Visibility has always been important, but never more so than now. As the survey results show, unfortunately CISOs do not believe they have the visibility they need to discover and respond quickly to threats, or the skilled people required to turn what truly are actionable insights into enhanced protection. This is good news for cyber attackers and bad news for the rest of us.
The axiom that fore-warned is fore-armed resonates with CISOs. This report in that respect can be a valuable vehicle for CISOs to engage their management in discussions as to where advanced threat intelligence investments can have significant impact in risk mitigation. The headlines only amplify the sense of urgency in having that discussion.
To hear the current FCC talk about it, 5G mobile service is the be-all and end-all of not only mobile communications, but the answer to most of the co…
mCart by Mavatar announces the launch of the world's first blockchain-based decentralized mCart marketplace by the FX Group.
Federal judge Richard Leon gave the $85 billion deal the green light today - and without any requirements to sell off any parts of the company. He als…
There are now thousands of blockchains, and unless you are a cryptophile, you won't recognize most of them.
Ribbon Communications tells its story at Perspectives18.