IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue

By VARINDIA - 2020-07-01

IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue

IBM (NYSE: IBM) Security announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period. The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.



While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place. IBM Security and Ponemon Institute: 2019 Cost of a Data Breach Report



The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:


· Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
· Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
· Complexity Hinders Response: The amount of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with less tools.
· Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.



"While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity," said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. "Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

 


Vikas Arora, VP, IBM Cloud & Cognitive Software & Services, IBM India and South Asia, said, "While Indian organizations have shown improvement in terms of their cyber resiliency by hiring skilled professionals and overall planning, there needs to be a lot more done to manage the dynamic cybersecurity landscape. Organizations need to look at testing their cybersecurity incident response plan regularly and leverage technologies like Automation, Cloud, AI, and interoperable solutions to help sail through any unforeseen situation."

 


Updating Playbooks for Emerging Threats


The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.



Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years, IBM Security, 2020 X-Force Threat Intelligence Index, (2020), p. 15 only 45% of those in the survey using playbooks had designated plans for ransomware attacks.



Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.



More Tools Led to Worse Response Capabilities


The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).



These findings suggest that adopting more tools didn’t necessarily improve security response efforts - in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.



Better Planning Pays Off


This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years compared to 62% of those who didn’t have a formal plan in place.



Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.



Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.


 CIO  - SPEAK
Start-Up and Unicorn Ecosystem
 SOFTWARE  Placeholder image
Birlasoft brings intelliOpen to support safe Return-to-Work strategies

Birlasoft brings intelliOpen to support safe Return-to-Work strategies

Birlasoft has launched intelliOpen - an integrated digital solution using I...

Route Mobile brings “Verbatim” simplifying compliance process for banking, financial institutions & enterprises

Route Mobile brings “Verbatim” simplifying compliance process for banking, financial institutions & enterprises

Route Mobile Limited has announced the release of its newest solution, ‘Verbatim&rsq...

VARINDIA SIITF
SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) -2018
BANGALURU
VARIndia - Star Nite Awards
STAR NITE AWARDS(SNA) - 2018
NEW DELHI
VARINDIA - OITF
ODISHA INFORMATION TECHNOLOGY FAIR(OITF)-2019
BHUBANESWAR
VARINDIA - WIITF
WESTERN INDIA INFORMATION TECHNOLOGY FAIR(WIITF) - 2019
MUMBAI
 INDUSTRY EVENTS Placeholder image
DIGISOL Systems to host online training on Switching Fundamentals

DIGISOL Systems to host online training on Switching Fundamentals

DIGISOL Systems will be hosting an online training program on switchin...

Huawei brings new ICT empowers Smart Grids, held the Seventh Huawei Global Power Summit

Huawei brings new ICT empowers Smart Grids, held the Seventh Huawei Global Power Summit

The Seventh Huawei Global Power Summit themed "Bits Drive Watts, Building a Fully Con...

Matrix Comsec participates in the VERE 2020, Virtual Exhibition on Railway Equipment

Matrix Comsec participates in the VERE 2020, Virtual Exhibition on Railway Equipment

Matrix Comsec has confirmed its participation in the Virtual Exhibition on Railway Equipme...

Esri UC India going LIVE to showcase how GIS interconnects world

Esri UC India going LIVE to showcase how GIS interconnects world

Esri India has announced Esri UC India Live conference, which will be held from 14th to 16...


Copyright varindia.com @1999-2020 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.mybrandbook.co.in | www.spoindia.org

advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription advertisement video production, home video distributors, home video company, List of PC Magazines, Best online PC Magazines, Top Online PC Magazines in India, Best online PC Magazines in India, Best PC Magazine, PC Magazine Subscription