Organizations have long focused their cybersecurity positioning around prevention; however, with the sophistication and frequency of attacks increasing, more organizations are beginning to prioritize incident response teams, groups of specialists trained to address and defeat attacks that make it past existing protections.
BAE Systems surveyed board-level executives, IT decision makers, and information security professionals to understand the current state of corporate incident response capabilities and readiness. Organizations ranged from governmental agencies to healthcare and technology firms, and from small (fewer than 500 employees) to large (more than 10,000 employees) enterprises.
Human error continues to be a major concern
A major finding from the results is how many organizational breaches are caused by human error, with attackers preying on human nature and employees making honest but costly mistakes in the course of their daily routine.
- 71 percent of incidents were phishing attacks.
- 65 percent were untargeted viruses or malware.
Incident response teams are dealing with an increasing number of incidents per month
- 67 percent of organizations responded to between one and 25 cybersecurity incidents per month.
- 26 percent of organizations responded to between 25 and 99 incidents per month.
- Nearly 8 percent responded to 100 or more incidents per month.
Many organizations are just not prepared to respond to cyber threats
- 23 percent of incident response teams do not conduct readiness exercises with senior management, missing an opportunity for both executive buy-in and staff skill development. Only 12 percent conduct them every month and 16 percent every quarter.
- 22 percent only have temporary or no incident response resources in place.
“With the number of breaches continuing to increase and human error being a significant concern for companies, the importance of having incident response plans in place is more critical now than ever before. We found that 22 percent of the organizations we surveyed had only temporary or no incident response resources in place. This means that far too many companies are ignoring a large piece of their cybersecurity defense,” says Mike Hepple, Security Consulting Manager in North America with BAE Systems Applied Intelligence.
“Given a clear understanding of the threat landscape and internal policy, incident response teams can triage, investigate, and mitigate security events effectively. Creating response plans can help align an organization’s workforce and procedures and even develop threat-modeled scenarios specific to each organization. The rise and refinement of social engineering tactics such as ‘phishing’ highlights the necessity to focus on training and awareness for all within an organization, with crisis planning ensuring that all employees understand the importance of cybersecurity and their specific role. With this in place, organizations can ensure they are prepared in the event of a data compromise.”