Expert Comments

Experts On IBM’s Cyber Resilient Org Report

Expert(s): Security Experts
Expert(s): Security Experts Published: Last Updated on

IBM’s recent announcement of its 5th annual Cyber Resilient Organization Report, conducted by the Ponemon Institute.

Key findings from the report:

  • More orgs (26%) have adopted formal, enterprise-wide security response plans over the past 5 years, compared to 18% of respondents in 2015.
  • Amongst those with a formal security response plan, only 1/3 (17% of respondents) had also developed specific playbooks for common attack types.
  • The # of security tools used has a negative impact; orgs that use 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, compared to those with less tools.
  • Over the past two years, only 39% of companies with a formal security response plan in place experienced a disruptive security incident, compared to 62% of those with less formal plans.

Experts Comments

Dot Your Expert Comments
Chloé Messdaghi
July 02, 2020
VP of Strategy
Point3 Security

Money can fix certain things but not human element issues.
Another factor must be taken into consideration: the human element. We see companies paying for solutions for the sake of their compliance checklists, and yet, down the road, their teams don’t know what some of these tools do or how to use them. Right now, more than ever, it’s important to support and empower security teams. This means discovering in a collaborative way skills shortages and knowledge gaps. That can mean that those in charge should be familiar with the tools they’re.....Read More
Another factor must be taken into consideration: the human element. We see companies paying for solutions for the sake of their compliance checklists, and yet, down the road, their teams don’t know what some of these tools do or how to use them. Right now, more than ever, it’s important to support and empower security teams. This means discovering in a collaborative way skills shortages and knowledge gaps. That can mean that those in charge should be familiar with the tools they’re asking their front-line staffs to use. It also means protecting the security team against burnout. During this pandemic time, it’s also important to realize that some of your employees may be more susceptible to burnout, for example, they might be women with children taking on more of the weight of home responsibilities in addition to their careers. People need to feel recognized for their workplace contributions and also know they’ve got the agency to sustain work/life balance. Money can fix certain things but not human element issues. Companies that provide recognition and work-life balance, and that provide ongoing cyber skills assessments and up-skills training through scientifically proven tools, are strengthening their cybersecurity overall, and providing a fairer and more effective workplace.  Read Less
Saryu Nayyar
July 01, 2020
CEO
Gurucul

Overloading security analysts with too much information is a known issue.
There are some interesting takeaways from the latest Cyber Resilient Organization Report, done by Ponemon for IBM. While readiness and responsiveness is improving, and organizations that have implemented a formal response plan are seeing less disruption, work is still needed in other areas. Many organizations still need to formalize their incident response plans and bring their cybersecurity posture up to date. Too few organizations have playbooks in place to react to an incident in a.....Read More
There are some interesting takeaways from the latest Cyber Resilient Organization Report, done by Ponemon for IBM. While readiness and responsiveness is improving, and organizations that have implemented a formal response plan are seeing less disruption, work is still needed in other areas. Many organizations still need to formalize their incident response plans and bring their cybersecurity posture up to date. Too few organizations have playbooks in place to react to an incident in a consistent manner. Perhaps worse, some organizations have found that simply adding additional security tools to the mix has actually reduced their effectiveness. Overloading security analysts with too much information is a known issue. This is why we recommend bringing all of the disparate data feeds into a single place with advanced security analytics, where that flood of information can be consolidated, normalized, analyzed, and presented to the responders in a risk-prioritized manner that lets them focus on the most relevant threats, and facilitates additional automation to reduce their load.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...