Half of execs feel unprepared to respond to a Cyber-Incident.

October 29, 2018

October 16, 2018 - Tara Seals - Threatpost


Nearly half (46 percent) of executives in a Deloitte poll say their organizations have experienced a cybersecurity incident over the past year - and that they are still no closer to being ready for the next event.

The survey of more than 3,150 professionals, taken during a Deloitte Dbriefs webcast on cyber-preparedness, found that a lack of organizational policy awareness when it comes to cybersecurity is hampering efforts to improve incident response benchmarks.

To wit: About a third (30 percent) of CEO and executive-level respondents identified a lack of employee understanding of the organization's cyber-incident response plan as their biggest challenge when it comes to dealing with an attack.

Another fifth (20 percent) reported a lack of resources, such as funding, tools and skills, as the biggest obstacle.

The result is that more than 1,500 of the surveyed professionals reported feeling only “somewhat confident” in their organization's ability to respond to and remediate a cyber-incident. It's not positive news given that Deloitte estimates cybercrime costs to reach $6 trillion annually, amidst no indication of a slowdown in cyber-threats.

“We used to say it's not if, but when an organization will experience a cyber incident,” said Andrew Morrison, Principal, Deloitte Risk and Financial Advisory Cyber Risk Services, Deloitte & Touche LLP. “That message has evolved well beyond a single incident to 'how often' or 'how to respond to and withstand persistent attacks.'”

Unfortunately, about half (49 percent) of executive and C-level respondents to the poll admitted that their organization does not conduct cyber-wargaming exercises, and more than one-third (34 percent) indicated that they don't know their individual role within their organization's cyber-incident response plan.

The findings dovetail with Deloitte's recently released CEO and Board Risk Management Survey, which identified cybersecurity as the biggest threat to organizations - and yet only 25 percent of the 400 CEOs and board members surveyed said their organizations are actively wargaming or planning for cyber-incidents.

A typical wargame allows participants to hone the organizational reflexes and collaborative judgment capabilities required to avert or mitigate a cyber incident, using real-time injects and threat vectors that mirror those an organization would likely encounter. Deloitte noted that best practices include focusing on learning objectives to understand what an organization needs at its current level of maturity; involving a broad group of participants to identify intersections between different teams and silos; and identifying a realistic scenario with realistic vulnerabilities.

"Improving internal processes and providing employees with the knowledge, practice and skills needed to succeed can help organizations mitigate risk through preparedness, as well as increasing overall business resilience to future attacks," Morrison said.



