Resilience improved, but response dragged down by too many tools, too few playbooks, report says

While cybersecurity resilience has largely improved over five years, most organizations – 74 percent – say their security response plans are ad-hoc, applied inconsistently or are non-existent even as 13 percent say their ability to contain an attack has declined, a report on resiliency found.

Organizations have too many security tools and not enough specific playbooks to address common attack types, both of which hobbled their security response, IBM Security reported in the fifth annual Cyber Resilient Organization Report, whose findings were based on a global survey conducted by the Ponemon Institute.

“Security teams are operating in a disjointed fashion, primarily due to the large number of security solutions and technologies used on a daily basis,” the Ponemon Institute's Larry Ponemon wrote in a blog post, noting that the survey of more than 3,400 information technology (IT) and security professionals in 11 global markets found that “organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident.”

Among the respondents with cybersecurity incident response plans (CSIRP) in place, 51 percent said the plans were not applied consistently across their organizations and “only one-third have attack-specific playbooks in place, minimizing their preparedness,” Ponemon wrote.

That number increases when it comes to “high performers,” 825 respondents that the study identified as standing out “for their use of technology as the primary reason for improvements in cyber resilience.” Half of that group “have attack-specific playbooks for attacks, such as phishing or distributed denial-of-service (DDoS),” Ponemon said.

“Many organizations still need to formalize their incident response plans and bring their cybersecurity posture up to date. Too few organizations have playbooks in place to react to an incident in a consistent manner,” said Gurucul CEO Saryu Nayyar. “Perhaps worse, some organizations have found that simply adding additional security tools to the mix has actually reduced their effectiveness.”

Nayyar said that although “readiness and responsiveness is improving, and organizations that have implemented a formal response plan are seeing less disruption, work is still needed in other areas.”
