By Ram Christian Agustin
The results of a global study sponsored by tech behemoth IBM have revealed that a great majority of organizations remain unprepared for cybersecurity incident response.
The report, titled “The 2019 Cyber Resilient Organization”, explored how prepared organizations are to withstand and recover from a cyberattack.
According to data from Ponemon Institute’s fourth annual benchmark study on cyber resilience, 77% of the respondents revealed that they have an inconsistent cybersecurity incident response plan.
According to Ted Julian, VP of product management and co-founder for IBM Resilient, millions of dollars can be saved during a breach if proper planning is executed alongside investments in automation. He also pointed out that stress tests are a must for these plans, as well as the board’s full support in people, process, and technology investments.
The study showed that difficulties with proper cybersecurity incident response have persisted over the past four years of the study. 54% of organizations that are not prepared with response plans also fail to test their plans regularly.
If these organizations were prepared for an attack and managed to contain it within a month, they could save up to $1 million in costs, the report said.
“Resilience is a part within the IBM family of cybersecurity solutions, and put simply, organizations look at their security in four steps or four concentric circles. The outermost circle is the endpoint. Perimeter security are all the things that touch humans and machines. It could be a mobile device, a laptop, a camera, even a printer port connected to the network. This is the perimeter of your defense,” said Malcolm Rowe, IBM Asean security software and services leader.
“With the Internet, the perimeter has now become wherever the user is on a connected device or where that machine/device may be located,” he added.
Failure to prepare a cybersecurity incident response plan also affects businesses' compliance with the General Data Protection Regulation.
46% of the respondents stated that they have yet to fully comply with GDPR, with the legislation nearing its one-year anniversary, according to the report.
The study also found that 73% of the respondents have a Chief Privacy Officer employed, which hints that data privacy has been a priority for organizations. Consequently, 56% believed that information loss and theft justifies cybersecurity spending.
“Social engineering and methods to try and get people to just unwittingly do something that reveal access to applications and systems is the largest area of vulnerability to date,” Rowe explained.
The global survey featured insight from more than 3,600 security and IT professionals from around the world, including the United States, Canada, United Kingdom, France, Germany, Brazil, Australia, Middle East and Asia Pacific.