Content

Resilience improved, but response dragged down by too many tools, too few playbooks, report says

While cybersecurity resilience has largely improved over five years, most organizations – 74 percent – say their security response plans are ad-hoc, applied inconsistently or are non-existent even as 13 percent say their ability to contain an attack has declined, a report on resiliency found.

Organizations have too many security tools and not enough specific playbooks to address common attack types, both of which hobbled their security response, IBM Security reported in the fifth annual Cyber Resilient Organization Report, whose findings were based on a global survey conducted by the Ponemon Institute.

“Security teams are operating in a disjointed fashion, primarily due to the large number of security solutions and technologies used on a daily basis,” Ponemon Institute tk Larry Ponemon wrote in a blog post, noting that the survey of more than 3,400 information technology (IT) and security professionals in 11 global markets found that “organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident.”

Among the respondents with cybersecurity incident response plans (CSIRP) in place, 51 percent said the plans were not applied consistently across their organizations and “only one-third have attack-specific playbooks in place, minimizing their preparedness,” Ponemon wrote.

That number increases when it comes to “high performers,” 825 respondents that the study identified as standing out “for their use of technology as the primary reason for improvements in cyber resilience.” Half of that group “have attack-specific playbooks for attacks, such as phishing or distributed denial-of-service (DDoS),” Ponemon said.

“Many organizations still need to formalize their incident response plans and bring their cybersecurity posture up to date. Too few organizations have playbooks in place to react to an incident in a consistent manner,” said Gurucul CEO Saryu Nayyar. “Perhaps worse, some organizations have found that simply adding additional security tools to the mix has actually reduced their effectiveness.”

Nayyar said that although “readiness and responsiveness is improving, and organizations that have implemented a formal response plan are seeing less disruption, work is still needed in other areas.”

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.