With this week’s Thanksgiving holiday here, we all know what to expect from Black Friday and Cyber Monday deals: a PoS breach or credit card theft story in the news. It’s hard to imagine a post-shopping-spree week free of any news about payment system compromise. The reason is simple: the only focus hackers have is finding vulnerabilities to get in, while businesses are still working their way up to making a holistic security posture an integral part of the business process.
A recent study conducted by IBM and the Ponemon Institute shows just how true this is. Even though the study focuses on business resilience following a cyberattack, when you look at the findings you see the connection to the lag in holistic security measures by businesses.
The first point from the study worth noting is that a major hindrance to effective security was found to be organizations’ lack of a cyber security incident response plan (CSIRP).
In addition to this, Larry Ponemon commented in the study’s press release how companies are seeing the value of deploying an incident response plan, but are still lagging in having the appropriate people, processes and technologies in place.
So, even though organizations are adopting security measures, such as having an incident response plan, they’re still in a silver-bullet, quick-fix mindset. If this weren’t the case, more businesses would have an incident response plan that comprised people, processes and technologies, all well-known components of an effective security posture.
Another indication of businesses lagging in the battle to protect themselves from cybersecurity risks is the decrease in high resilience rankings the study reported.
- In 2015, 35% of IT and security pros ranked their organization’s resilience as high; this year, only 32% did.
Even though the difference may be small, an entire year has passed and the digital world has moved forward, so one would have liked to see this number increase or, at the very least, stay the same. Instead it has dropped, meaning that security experts working at these organizations don’t believe the business could make it if it were faced with a cyberattack.
- The study defines resilience as “an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks.”
The IBM and Ponemon study finds that 66% of organizations would likely be unable to recover from a cyberattack. When asked about responding properly to an attack, respondents listed insufficient planning and the complexity of IT and business among the top reasons for not being able to do so. It is also worth noting that more than half of the study’s respondents have dealt with a data breach in the last two years.
Not only did the study’s respondents have experience dealing with a data breach, but they also work at the company and take care of security aspects. The mention of the complexity of IT and business in the face of an attack points to part of the problem. While businesses have IT and security professionals on board, they are obviously in need of some extra expert help.
It is quite clear that a holistic security mindset hasn’t set in just yet and that businesses could do with additional expert hands on deck. Hopefully, studies like these point them in the right direction.