April 11, 2019
IBM Security and the Ponemon Institute asked global IT executives what they do to keep their cyber organizations resilient and found interesting insights into the state of modern cyber security.
Defending against potential cyber attacks is not just about prevention; It is also having the resilience to respond and recover.
Unfortunately, most organizations are not adequately prepared to respond to cyber security incidents, according to the 2019 Resilient Cyber Organization Study, released April 11 by IBM Security. The report was conducted by the Ponemon Institute and is based on a global survey of 3,655 IT security professionals from around the world.
Here are some of the study's key highlights and what positive actions organizations can and should take to help improve cyber resilience:
1:Most organizations do not have a consistent incident response plan.
67% respondents admitted that their organization does not have a cyber security incident response plan applied consistently across the enterprise.
While cyber security is a high priority, often considered alongside other large companies, we are surprised that few organizations have reported response plans in place, said Ted Julian, vice president of product management and co-founder. from IBM Resilient. & #8220; Given the advances in other areas of incident response, this is particularly disconcerting and worth investigating next year.
2: Even organizations with incident response plans are not doing right.
The report found that, among organizations that have an incident response plan, 54% does not test their plans regularly (or at all) to make sure they stand up and are prepared for the worst day.
3: Intelligence and threat sharing are essential for improving cyber resilience.
Respondents identified intelligence and threat sharing as security technologies that are most effective in their ability to achieve cyber resilience.
In contrast, only 20% of respondents identified artificial intelligence (AI) as being most effective for cyber resilience.
4: Skill issues are still a cyber security issue.
75% respondents rate their difficulty in hiring and retaining skilled cyber security personnel as moderately high to high.
Only 30% of respondents reported that their cyber security team is sufficient to achieve a high level of cyber resilience.
5: Many are not yet GDPR compliant.
Although all organizations doing business in the European Union were required to comply with the General Data Protection Regulation (GDPR) in May 2018, this has not yet occurred.
46% survey respondents admitted that their organization has not yet achieved full compliance with the GDPR.
6: Automation is the key to better incident response.
Less than half of organizations that use automation extensively (48%) had a data breach versus the 55% that did in the overall sample.
& #8220; This is the first year we have asked about security response process automation, and we are pleased to see that it has started & #8221 ;, said Julian. & #8220; We expect to see broader adoption next year, especially due to the positive effects reported by senior adopters this year & #8221;
SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.
Today through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.
Let's make the world a safer place to live and do business!