The UK annual information security conference and exhibition Infosecurity Europe recently surveyed 1,336 industry professionals on the subject of ‘Intelligent Security’.
It is no longer a question of debate if companies will be breached, but when. Alongside a strong prevention strategy, practitioners are now investing more in response and recovery tactics. They are recognising the need to adopt a response-focused strategy, with 69 per cent of those who participated in the Infosecurity Europe industry survey indicating that their organisation recognises the need to invest more in incident response.
When asked about the greatest information risk facing their organisation, 32 per cent of survey respondents cited external threats such as hacking, malware, APTs (advanced persistent threats) and DDoS (denial of service) attacks as their biggest concern. Recently, high-profile hacks such as Sony Pictures have highlighted the consequences of external attacks. Not only costly, security breaches can severely damage a firm’s reputation, Infosec suggests. Information security vulnerabilities such as Heartbleed and Shellshock, and breaches such as JPMorgan and Target have raised the profile of cyber risk, helping businesses to understand the level of risk. Two out of three, 67 per cent of Infosecurity Europe industry survey participants replied that recent high-profile breaches had a positive effect on making the business understand the potential threats.
As the number of attacks increases, having robust and rapid detection strategies in place has never been more critical, to minimise the business impact, it’s suggested. Although many recent breaches revealed long detection periods, the industry survey results suggest that organisations are discovering breaches quickly, with 62 per cent of participants claiming to be able to detect a breach within seven days. However, there is still a way to go for some, as 2 per cent said that it took at least a year, with a further 15 per cent claiming not to know.
Financial losses caused by a hack can hurt, such as Target losing almost £110m after being breached in 2013. The Infosecurity Europe industry survey found that the main concern for an organisation is reputational damage (62 per cent) with only 14 per cent stating financial loss as their prime concern. Ultimately, 90 per cent of participants felt confident that their organisation would be capable of effectively recovering from a significant breach. According to those who took part in the survey, the two biggest priorities facing an organisation in the wake of a security breach are minimising the impact on the customer (34 per cent) and business continuity (31 per cent). Organisations need to find ways of enabling business continuity and protecting their customers. According to the survey results, the most essential element of a successful incident response strategy is the ability to continually evolve the incident response plan to incorporate lessons learned.
To download the full report ahead of the show in London in June – click: www.infosecurityeurope.com/Industry-Report15.
