Many IT decision makers are worried that their organisations aren’t ready to adjust to the increasingly sophisticated cyber threats landscape and this could lead to a major crisis in the coming days.
Significant internal and external challenges continue to render organisations vulnerable to sophisticated cyber threats perpetrated by malicious hackers.
A survey of 600 senior IT decision makers from the UK and the U.S. has revealed the state of cyber preparedness of organisations in both countries and what needs to be done to prevent a major crisis in the coming days.
The survey, which is part of RedSeal’s second annual Resilience, revealed that while 54% of cyber security professionals don’t have the tools they need to combat cyber crimes, 55% can’t react quickly enough to limit damage, 79% of professionals believe that their organisations can’t access insights to prioritise their response, and 4 in 5 of them believe a breach or a cyber-attack will affect normal functioning of their organisations.
Such challenges, the decision makers said, may ‘dramatically impact their ability to defend their organisations from cybercrime’ and unless they are addressed quickly, will expose businesses to significant cyber threats.
The lack of preparation is magnified by the fact that only 25% of organisations test their cyber security response to a major incident annually. At the same time, organisations do not regularly map their networks and even if they do, they do so with significant time lags. Such delays not only affect the confidence of cyber security professionals in their networks’ security, but also keep security flaws hidden from their attention.
Over half of all IT decision makers said that they don’t test their cyber security response as they are either resource-intensive, not part of their budgets or take too much time to complete.
‘Having any one of these four areas — resources, preparation, detection and overarching strategy — in crisis is dangerous. Combined, they’re the harbinger of security disaster for any organisation,’ said Ray Rothrock, CEO and chairman of RedSeal.
The survey further revealed that there’s a significant gap in cyber security professionals’ confidence in their detection capabilities and the reality. While most professions think that they can detect cyber events within hours of them occurring, a number of reports like the 2017 SANS Incident Response Survey, the 2017 Trustwave Global Security Report and Mandiant’s M-Trends 2017 Report have indicated that it takes between 24 hours and 99 days for organisations to detect cyber attacks.
In many instances, they have been alerted about such attacks by third party vendors, cyber security researchers, or credit card vendors who noticed unusual activities. ‘This infers that — despite detection being considered the security teams’ greatest strength — companies are struggling and not fully informed,’ said RedSeal.
Even though organisations have had to change their security practices to adapt to new regulations on the usage of cloud services, IT professionals fear that as many as 73% of companies may not meet such requirements, thereby making themselves vulnerable to attacks.
‘This report underscores the urgency for the leaders of cyber strategy to pivot and aggressively pursue resilience, the ability to maintain business as usual while navigating an attack, as the new gold standard. Being prepared is the best defense,’ Rothrock added.