The enterprise is slowly improving its response to cybersecurity incidents, but at the same time it is still investing in too many tools, which can actually reduce the effectiveness of defense.
On Tuesday, IBM released the results of a global survey, conducted by the Ponemon Institute and featuring responses from over 3,400 security and IT staff worldwide. The research suggests that while investment and planning are on the rise, effectiveness is not improving at the same rate, with response efforts hindered by complexity caused by fragmented toolsets.
The research, IBM’s fifth annual Cyber Resilient Organization Report, says that while organizations are improving in cyberattack planning, detection, and response, their ability to contain an active threat has declined by 13%.
On average, enterprises deploy 45 cybersecurity-related tools on their networks. The widespread use of too many tools may contribute to an inability not only to detect, but also to defend against, active attacks. Enterprises that deploy over 50 tools ranked themselves 8% lower in their ability to detect threats, and 7% lower in their defensive capabilities, than other companies employing fewer toolsets.
It does appear that the enterprise cybersecurity scene is reaching a new level of maturity, however, with 26% of respondents saying that their organizations have now adopted formal, company-wide Cyber Security Incident Response Plans (CSIRPs), an increase from 18% five years ago.
In total, however, 74% of respondents said their cybersecurity planning posture still leaves much to be desired, with no plans, ad-hoc plans, or inconsistency still a thorn in the side of IT staff. In addition, among those who have adopted a response plan, only a third have created a playbook for common attack types to watch out for during daily operations.
“Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face,” the report notes.
According to IBM, a lack of planning and incident response testing can lead to a damages bill up to $1.2 million higher than a cyberattack would have otherwise cost a victim company.
The cost can be high in terms of disruption, too: only 39% of enterprise companies with a CSIRP in place have experienced a severely disruptive attack in the past two years, compared with 62% of those that did not implement any form of plan.
In light of the COVID-19 pandemic and the rapid changes many of us have experienced in our workplaces, CSIRP setups need to be reviewed and, if need be, changed to adapt to the work-from-home environment. However, only 7% of respondents review these plans quarterly, and 40% have no time period set whatsoever for reviews.
“With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on outdated response plans which don’t reflect the current threat and business landscape,” IBM added.