IBM report: Security response improving - containing attacks, not so much

Organisations have improved their detection of and response to cyberattacks in the last five years, yet their ability to contain an attack has dropped by 13% during the same period, according to new data from IBM Security.

It’s indicative of a space in which 74% of organisations report having either ad-hoc, inconsistently applied, or non-existent security plans, despite generally improving responses to attacks.

The survey, conducted by the Ponemon Institute, gleaned insights from over 3,400 global security and IT professionals and discovered several different contributing factors leading to lapses in security response efforts, including the use of too many security tools and a lack of planning.

The latter factor was crucial for many organisations, says IBM Security, with companies that have incident response teams spending $1.2 million less on data breaches than those without.

“While more organisations are taking incident response planning seriously, preparing for cyber-attacks isn’t a one and done activity,” says IBM X-Force Threat Intelligence vice president Wendi Whitmore. 

“Organisations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.” 

The IBM report outlines three specific factors affecting the overall security response for organisations: having an updated playbook for threats, complexity or quantity of security tools used, and presence of an effective plan.

Updating playbooks for emerging threats

Even amongst the organisations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks for specific attack types.

Different kinds of cyber-attacks call for different kinds of response strategies, and instituting playbooks can provide predictability and consistency to action plans, especially for an organisation’s most common attacks.

Of those with concrete security response plans, 52% admit never having reviewed them. IBM says that the increasing proficiency and sophistication of attacks should prompt organisations guilty of this to review their potentially outdated response plans.

More tools led to worse response capabilities

Respondents reported using, on average, around 45 different security tools, with each separate security incident requiring coordination between 19 tools on average.

This excess of solutions does not result in better security – in fact, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10). 

IBM says the adoption of complexity-reducing automation tools can help solve this problem – 63% of high-performing organisations surveyed said the use of interoperable tools helped them improve their response to cyber-attacks.

Better planning pays off

39% of respondents who have a CSIRP experienced an incident that resulted in significant disruption, compared to 62% of respondents without such a plan.

Technology also plays a large part in cyber resilience. Organisations with higher levels of resilience cited visibility into applications and data (57%) and automation tools (55%) as the top two factors for improving resilience.

Overall, the data suggests that surveyed organisations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.
