IBM’s recent announcement of its 5th annual Cyber Resilient Organization Report, conducted by the Ponemon Institute.
Key findings from the report:
- More orgs (26%) have adopted formal, enterprise-wide security response plans over the past 5 years, compared to 18% of respondents in 2015.
- Amongst those with a formal security response plan, only 1/3 (17% of respondents) had also developed specific playbooks for common attack types.
- The # of security tools used has a negative impact; orgs that use 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, compared to those with less tools.
- Over the past two years, only 39% of companies with a formal security response plan in place experienced a disruptive security incident, compared to 62% of those with less formal plans.
There are some interesting takeaways from the latest Cyber Resilient Organization Report, done by Ponemon for IBM. While readiness and responsiveness is improving, and organizations that have implemented a formal response plan are seeing less disruption, work is still needed in other areas.
Many organizations still need to formalize their incident response plans and bring their cybersecurity posture up to date. Too few organizations have playbooks in place to react to an incident in a consistent manner. Perhaps worse, some organizations have found that simply adding additional security tools to the mix has actually reduced their effectiveness.
Overloading security analysts with too much information is a known issue. This is why we recommend bringing all of the disparate data feeds into a single place with advanced security analytics, where that flood of information can be consolidated, normalized, analyzed, and presented to the responders in a risk-prioritized manner that lets them focus on the most relevant threats, and facilitates additional automation to reduce their load.
Another factor must be taken into consideration: the human element. We see companies paying for solutions for the sake of their compliance checklists, and yet, down the road, their teams don’t know what some of these tools do or how to use them.
Right now, more than ever, it’s important to support and empower security teams. This means discovering in a collaborative way skills shortages and knowledge gaps. That can mean that those in charge should be familiar with the tools they’re asking their front-line staffs to use. It also means protecting the security team against burnout. During this pandemic time, it’s also important to realize that some of your employees may be more susceptible to burnout, for example, they might be women with children taking on more of the weight of home responsibilities in addition to their careers. People need to feel recognized for their workplace contributions and also know they’ve got the agency to sustain work/life balance. Money can fix certain things but not human element issues.
Companies that provide recognition and work-life balance, and that provide ongoing cyber skills assessments and up-skills training through scientifically proven tools, are strengthening their cybersecurity overall, and providing a fairer and more effective workplace.