Despite increase in security response planning, majority of organizations are unable to contain cyber-attacks.
Enterprises have slowly improved their ability to plan, detect, and respond to cyber-attacks
over the past five years. However, their ability to contain an attack has seen a decline by 13% during this same period, says a recent report from IBM. The 5th annual Cyber Resilient Organization Report, based on a study conducted by the Ponemon Institute found that using too many security tools has affected security response efforts. There is also a lack of specific playbooks for common attack types.
Nearly 75% of companies in this study said they either have no plans to combat attacks, and if they have one, they appear to apply it inconsistently, hampering the cost of security incidents.
As per the report, a large number of organizations have adopted enterprise-wide security
response plans over the past five years. Most of the companies also said that using several
security tools had a negative impact across multiple categories of the threat lifecycle. Adopting more tools does not necessarily improve security response efforts. Enterprises need to use open, interoperable platforms as well as automation to help reduce the complexity of responding across disconnected tools. As per the report, 63% of the respondents said their use of interoperable tools helped them improve their response to cyber-attacks.
Organizations with formal security response plans applied across the business were less likely to experience significant disruption due to cyber-attacks. The report says, only 39% of these companies experienced a disruptive security incident in the past two years as compared to 62% of those with less formal or consistent plans.
It is important for companies to focus on testing, practicing, and reassessing their response
plans against cyber threats and cyber attacks regularly. In order to overcome complex
challenges and contain cyber incidents at a much faster rate, they can leverage interoperable technologies and automation. Companies need to know that different types of attack require unique response techniques. Having a pre-defined playbook helps them with consistent and repeatable action plans for the most common attacks they are likely to face.