Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Cyber Pros Point to “Perfect Storm” as Security Fundamentals Face Crisis

by The Gurus
November 6, 2017
in Editor's News
Smart city
Share on FacebookShare on Twitter

IT Security teams are on the verge of a huge crisis, pointing to significant internal and external challenges they believe dramatically impact their ability to defend their organisations from cybercrime. CISOs, CIOs and senior cyber professionals flagged four key areas of concern which, unless addressed quickly, will expose businesses to significant cyber threats.
As part of RedSeal’s second annual Resilience Report, 600 UK and U.S. senior IT decision makers responded candidly on the biggest cybersecurity challenges they face today. The 2017 RedSeal Resilience Report analysed the priorities and challenges of these security leaders and uncovered four converging areas that put cybersecurity teams – and their organisations – at a distinct disadvantage.

  1. A sophisticated threat landscape, evolving faster than teams can respond

The burgeoning threat volume and complexity is outpacing security teams’ capabilities. More than half (54 percent) of senior cybersecurity professionals think the threat landscape is evolving far faster than their organisation can respond. Specifically:

  • 54 percent report they don’t have the tools and resources they need
  • 55 percent can’t react quickly enough to limit damage in the event of a major security incident
  • 79 percent say their organisation can’t access insights to prioritise their response to an incident
  • Only one in five (20 percent) are extremely confident their organisation will continue running as usual upon discovery of a cyberattack or breach

 

  1. Lack of preparation is pervasive

The 2017 RedSeal Resilience Report found that only 25 percent of respondents’ organisations test their cybersecurity response to a major incident annually, if at all.  It also found a strong correlation: as time since the last test increases, executives’ confidence in the plan decreases.

  • On average, it has been nine months since organisations created a complete blueprint, model or map of their entire network. This means pathways through their constantly changing network – and access to their most valuable assets – are neither confirmed to be secure nor clearly known at all.
  • 55 percent concede they don’t test their strategies frequently enough because it is resource intensive (29 percent), outside their budget (27 percent), or takes too much time (26 percent)
  1. There’s a dangerous gap between perceived and true detection times

Once a network is compromised, a cyberattack festers until it’s detected and resolved. Alarmingly, the RedSeal Resilience report reveals an industry-wide discrepancy between how long it takes from when an organisation’s network is compromised to when they become aware of the event.

  • Perception:  When ranking their capabilities, cyber pros voted “detection” as their strongest area (40 percent), with respondents reporting it takes an average of six hours to discover an incident
  • Reality: Other studies of the same “time to detect” report drastically different times:
    • 24 hours (2017 SANS Incident Response Survey)
    • 49 days (2017 Trustwave Global Security Report)
    • 99 days (Mandiant’s M-Trends 2017 Report)

 
This infers that – despite detection being considered the security teams’ greatest strength – companies are struggling and not fully informed. Take for example, Sonic, which didn’t know they were hacked until their credit card processor informed them of unusual activity. They acknowledged the breach – which compromised more than five million credit cards – 11 days after the first batch of cards were uploaded for sale.
 

  1. Compliance – not strategy – drives security planning

Given the massive financial impact of breaches, cyber strategy should be the C-Suite’s priority. However, 97 percent of respondents report that external regulations play a major role in their cybersecurity and resilience planning and implementation.

  • 92 percent of organisations have had to adapt the way that they meet regulatory requirements due to the use of public cloud platforms such as AWS and Microsoft Azure
    • 12 percent of respondents’ organisations had to do a total rethink
    • 49 percent had to make significant changes
  • Only 27 percent are completely confident their IT systems can support these regulations
    • Therefore, 73 percent of companies which might not meet the requirements for using public clouds – such as AWS, where Deloitte faltered, and Azure, the source of hacks for Dow Jones, Verizon, and RNC to name a few –may be more exposed to attacks and breaches.

These insights come just a couple of months after the FTSE 350 Cyber Governance Health Check (the Government’s annual report providing insight into how the UK’s biggest 350 companies deal with cybersecurity) revealed that one in ten FTSE 350 companies operate without a response plan for a cyber incident – meaning 35 of the UK’s biggest businesses are seriously under prepared for the inevitable attack.
“Having any one of these four areas – resources, preparation, detection and overarching strategy –  in crisis is dangerous. Combined, they’re the harbinger of security disaster for any organisation,” noted Ray Rothrock, CEO and chairman of RedSeal. “This report underscores the urgency for the leaders of cyber strategy to pivot and aggressively pursue resilience, the ability to maintain business as usual while navigating an attack, as the new gold standard.  Being prepared is the best defense.”

FacebookTweetLinkedIn
Tags: CIOCISOCybercybersecurityRedsealtechthreat landscape
ShareTweetShare
Previous Post

Global CISOs Concerned About Business’ Cybersecurity Readiness

Next Post

One in four UK workers have maliciously leaked business data

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information