Security Incident Response Readiness Survey
rahul-neel-mani -
Security Incident Response Readiness
An insight into an organization’s ability to Sense, Resist and React to a Security Incident
Page 2
Introduction
1970s - Mainframes
• Ready for natural hazards
• Physical response measures in place
• Call for external assistance
1980s – Client / Server
• Reliance on new technologies
• Basic disaster recovery in response to system failures
• Virus protection
• Identity and access management
1990s - Internet
• Enterprise-wide risk management introduced
• Regulatory compliance commonplace
• Business continuity in focus
2000 – E-commerce
• Advances in information and cyber security
• Switch to online
• Third party outsourcing
• Connectivity of devices
Recent Times - Digital
• Global shocks (terrorist, climate, political)
• Business resilience
• Internet of Things
• Critical infrastructure
• State sponsored cyber espionage and cyber attacks
Times are changing and so are the risks and threats
Page 3
Understanding the challenges
[Diagram labels: Sense, Resist, React; Threats; Risk appetite; Three lines of defense; Critical assets: Intellectual property (IP), Revenue, Reputation; Recover; Adapt & reshape]
Technology is increasing organizations’ vulnerability to attack
• Increased online presence, broader use of social media, mass adoption of BYOD (Bring Your Own Device), increased usage of cloud services
• Collection/analysis of big data
• Inherent connectivity of people, devices & organizations has enhanced vulnerability
Ref: Global Information Security Survey 2016
Sense: It is the ability of organizations to predict and detect cyber threats.
Resist: It starts with how much risk an organization is prepared to take across its ecosystem.
React: If the sense fails and there is a breakdown in the resist, organizations need to be ready to deal with the disruptions and manage the crisis.
Page 4
Survey Assessment – Leaderships' Role
Cybersecurity is a board-level agenda. The success of any cybersecurity program depends on support from executive leadership and its alignment with business objectives.
Management is also realizing the risks to business; however, this is just the start, and a lot of work needs to be completed before management can gain enough confidence in its cybersecurity function.
Business alignment missing: Over 70% of organizations do not have their cybersecurity strategy aligned with business objectives.
Low confidence: 58% of our respondents lack confidence in their organization’s cybersecurity program.
Short sightedness: Over 33% of our respondents do not have a cyber security strategy which considers the next 1-3 years.
Page 5
Budget: Is it enough?
75% of respondents have a dedicated budget allocated for cybersecurity. Moreover, 20% of respondents have a budget of over USD $2mn.
49% of the organizations with a budget of $0.5m - $2m expect their budget to increase by 10-20% in the next 12 months.
36% of organizations having no budget allocation for cybersecurity have experienced cyber attacks in the last 12 months.
Page 6
Identifying Crown Jewels
Over 39% ranked employee or customer or supplier personally identifiable information (PII) as the number 1 information most valuable to cyber criminals in the organization.
Only 18% ranked senior executive / board member personal information as the number 1 information valuable to cyber criminals in the organization.
Chart values by rank (P 1, P 2, P 3, P 4, P 5):
Senior executive / Board member personal information: 19, 24, 17, 17, 29
Company financial information: 18, 16, 29, 25, 18
Corporate strategic plans: 16, 19, 30, 25, 16
Login credentials: 21, 25, 20, 20, 20
Employees or customers or suppliers or vendors personally identifiable…: 42, 22, 13, 17, 12
Page 7
Identifying Crown Jewels
Over 30% ranked Phishing / Spam as the number 1 or number 2 source of cyber attack, followed by Malware attacks, which is further followed by external cyber attacks and Internal employees.
Chart values by rank (P 1, P 2, P 3, P 4, P 5, P 6):
Espionage (e.g., by competitors): 0, 8, 13, 24, 27, 14
Zero-day attacks: 12, 7, 10, 15, 16, 26
Internal attacks (e.g., by disgruntled employees): 10, 9, 16, 22, 14, 15
Cyber-attacks (e.g., to disrupt or deface the organization, to steal financial information, to…: 19, 15, 12, 5, 12, 23
Malware (e.g., viruses, worms and Trojan horses): 19, 24, 22, 8, 12, 1
Phishing/ spam: 26, 23, 13, 12, 5, 7
Page 8
Incident Response Framework
Over 70% of our respondents have a defined cyber security incident management program.
While 84% of organizations with a cyber security incident management program have a dedicated Incident response team set up within their organization.
Organizations are taking steps to improve their incident management posture; have initiated cyber security incident programs and are trying to include business teams to assist in the cyber security incident management program.
61% of organizations have an Incident response team (IRT) in place without a cyber security incident management program.
Page 9
Where should organizations focus to better resist today’s attacks?
The point noted is further strengthened by the fact that:
36% of organizations believe that higher professional staffing and training would help in improved incident response; this is followed by development of an improved patch management process.
37% of the organizations that have a dedicated IRT believe that the staff is not adequate and requires additional skills and training.
Incident response team must deliver
• Better incident response capabilities: 14%
• Threat intelligence: 8%
• Improved vulnerability audits and assessments: 18%
• Improved patch management process: 24%
• Higher professional staffing and training: 36%
87% of organizations have a defined process for communication.
Page 10
Collaboration is vital
CERT - Computer Emergency Response Team: 75
Law enforcement and government entities: 47
Industry peers: 50
We neither receive or share any information: 14
87% of organizations receive or share information with CERT, law enforcement agencies and industry peers.
Potential Collaboration within the ecosystem
Page 11
Effective measurement is critical
47% of the respondents who don’t have defined indicators have suffered a cyber attack in the last 12 months.
The indicators shall be evaluated to find out the status of effectiveness of the current cybersecurity framework.
70% of respondents have defined performance indicators to measure the effectiveness of the program.
• No defined frequency / ad hoc basis: 16%
• On a monthly basis: 20%
• On a quarterly basis: 21%
• On an annual basis: 12%
• On an ongoing basis: 31%
Page 12
The board must become more involved in cybersecurity and understand cyber risk
The board must understand:
► The suitability of the governance structure
► The appropriateness of the cyber risk management program
► The appropriateness of the cyber risk disclosures required by regulators
► How insider threats should be managed
Page 13
Just protecting your organisation isn’t enough anymore
Guiding Principles
► Focus on impact
► Enhance cyber skills and capabilities
► Benchmark results
Strategic Goals
► Protect Crown Jewels
► Determine risk appetite
► Set up Operating Model and Culture
[Diagram labels: Identify, Protect, Detect, Respond, Recover, Govern. Based on Cybersecurity framework]
“It is going to be a continual and likely never-ending battle to stay ahead of [cybercrime] - and, unfortunately, not every battle will be won.”
Jamie Dimon, after JP Morgan Chase’s breach
Page 16
Thank you!
Page 17
Survey methodology
106 respondents
19 industry sectors
Respondents by industry sector
Automotive: 2.9%
Banking: 18.6%
Building Materials: 2.0%
Business Services: 1.0%
Consulting and advisory…: 3.9%
Telecommunications: 6.9%
Engineering: 2.9%
Finance: 7.8%
Healthcare: 2.9%
Insurance: 9.8%
IT Consulting and Services: 22.5%
Manufacturing: 3.9%
Retailing: 2.9%
Media: 2.0%
Energy and Infrastructure: 3.9%
Law and Legal Outsourcing: 2.0%
Processed Products: 2.0%
Electric Utility: 1.0%
Logistics and supply chain: 1.0%
Page 18
Survey methodology
Respondents by number of employees
1000 to 10000: 40%
Less than 1000: 16%
More than 10000: 44%
Respondents by total annual company revenue
1 Million USD: 8%
100 Million USD: 35%
more than 100 Million USD: 57%