
IBM report: Security response improving - containing attacks, not so much

Organisations have improved their ability to detect and respond to cyber-attacks over the last five years, yet their ability to contain an attack has dropped by 13% over the same period, according to new data from IBM Security.

It’s indicative of a space in which 74% of organisations report having either ad-hoc, inconsistently applied, or non-existent security plans, despite generally improving responses to attacks.

The survey, conducted by the Ponemon Institute, gleaned insights from over 3,400 global security and IT professionals and discovered several different contributing factors leading to lapses in security response efforts, including the use of too many security tools and a lack of planning.

The latter factor was crucial for many organisations, says IBM Security, with companies that have incident response teams spending $1.2 million less on data breaches than those without.

“While more organisations are taking incident response planning seriously, preparing for cyber-attacks isn’t a one and done activity,” says IBM X-Force Threat Intelligence vice president Wendi Whitmore. 

“Organisations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.” 

The IBM report outlines three specific factors affecting the overall security response for organisations: having an updated playbook for threats, complexity or quantity of security tools used, and presence of an effective plan.

Updating playbooks for emerging threats

Even amongst the organisations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks for specific attack types.

Different kinds of cyber-attacks call for different kinds of response strategies, and instituting playbooks can provide predictability and consistency to action plans, especially for an organisation’s most common attacks.

Of those with concrete security response plans, 52% admit never having reviewed them. IBM says that the increasing proficiency and sophistication of attacks should prompt organisations guilty of this to review their potentially outdated response plans.

More tools led to worse response capabilities

Respondents reported using, on average, around 45 different security tools, with each separate security incident requiring coordination between 19 tools on average.

This excess of solutions does not result in better security – in fact, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10). 

IBM says the adoption of complexity-reducing automation tools can help solve this problem – 63% of high-performing organisations surveyed said the use of interoperable tools helped them improve their response to cyber-attacks.

Better planning pays off

39% of respondents who have a CSIRP experienced an incident that resulted in significant disruption, compared to 62% of respondents without such a plan.

Technology also plays a large part in cyber resilience. Organisations with higher levels of resilience cited visibility into applications and data (57%) and automation tools (55%) as the top two factors for improving resilience.

Overall, the data suggests that surveyed organisations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.
