Security Incident Response Readiness Survey
2 likes704 views
The document discusses security incident response readiness over time as technologies and threats have evolved. It analyzes survey results from 106 organizations across industries on their security incident preparation. Key findings include: over 70% have a cybersecurity strategy but lack business alignment; budget increases are expected but skills need improving; phishing is a top attack method; and collaboration on incidents needs strengthening through information sharing. The document advocates a strategic, framework-based approach to security incident response focusing on protection, detection, response, and recovery capabilities.
![“It is going to be a continual and
likely never-ending battle to
stay ahead of [cybercrime] -
and, unfortunately, not every
battle will be won.”
Jamie Dimon, after JP Morgan
Chase’s breach](https://image.slidesharecdn.com/incidentresponsesurveypresentation-170316042108/85/Security-Incident-Response-Readiness-Survey-14-320.jpg)
Security Incident Response Readiness Survey
- 1. Security Incident Response Readiness An insight into organization’s ability to Sense, Resist and React to a Security Incident
- 2. Page 2 Introduction 1970s - Mainframes • Ready for natural hazards • Physical response measures in place • Call for external assistance 1980s – Client / Server • Reliance on new technologies • Basic disaster recovery in response to system failures • Virus protection • Identity and access management 1990s - Internet • Enterprise- wide risk management introduced • Regulatory compliance commonplace • Business continuity in focus 2000 – E-commerce • Advances in information and cyber security • Switch to online • Third party outsourcing • Connectivity of devices Recent Times - Digital • Global shocks (terrorist, climate, political) • Business resilience • Internet of Things • Critical infrastructure • State sponsored cyber espionage and cyber attacks Times are changing and so are the risks and threats
- 3. Page 3 Understanding the challenges Recover Adapt & reshape Threats Sense Risk appetite Resist Three lines of defense Critical assets Intellectual property (IP) Revenue Reputation React Technology is increasing organization’s vulnerability to be attacked Increased online presence, Broader use of social media, Mass adoption of BYOD (Bring Your Own Device), Increased usage of cloud services • Collection/analysis of big data • Inherent connectivity of people, device & organization has enhanced vulnerability Ref: Global Information Security Survey 2016 It is the ability of organizations to predict and detect cyber threats. Sense It starts with how much the risk an organization is prepared to take across its ecosystem. Resist If the sense fails and there is a breakdown in the resist, organizations need to be ready to deal with the disruptions and manage the crisis. React
- 4. Page 4 Survey Assessment – Leaderships' Role Cybersecurity a board level agenda. The success of any cybersecurity program depends on support from executive leadership and its alignment with business objectives Management is also realizing the risks to business, however this is just the start and lot of work needs to be completed before the management can be sure of gain enough confidence in their cybersecurity function. Over 70% organizations do not have their cybersecurity strategy aligned with business objectives. 58% of our respondents lack confidence in their organization’s cybersecurity program Over 33% of our respondents do not have a cyber security strategy which considers next 1-3 years. Business Alignment missing Low confidence Short sightedness
- 5. Page 5 Budget Is it enough? 75% of respondents have dedicated budget allocated for cybersecurity. Moreover, 20% of respondents have a budget of over USD $2mn. $$$ 49% of the organizations with a budget of $0.5m - $2m expect their budget to increase by 10-20% in the next 12 months. 36% 36% organizations having no budget allocation for cybersecurity have experienced cyberattacks in last 12 months.
- 6. Page 6 Identifying Crown- Jewels Over 39% ranked employee or customer or supplier personally identifiable information (PII) as the number 1 information most valuable to cyber criminals in the organization. Only 18% ranked senior executive / board member personal information as the number 1 information valuable to cyber criminals in the organization. 19 18 16 21 42 24 16 19 25 22 17 29 30 20 13 17 25 25 20 17 29 18 16 20 12 Senior executive/ Board member personal information Company financial information Corporate strategic plans Login credentials Employees or customers or suppliers or vendors personally identifiable… P 1 P 2 P 3 P 4 P 5 Contd..
- 7. Page 7 Identifying Crown- Jewels Over 30% ranked Phishing / Spam as the number 1 or number 2 source of cyber attack, followed by Malware attacks which is further followed by external cyber attacks and Internal employees. 0 12 10 19 19 26 8 7 9 15 24 23 13 10 16 12 22 13 24 15 22 5 8 12 27 16 14 12 12 5 14 26 15 23 1 7 Espionage (e.g., by competitors) Zero-day attacks Internal attacks (e.g., by disgruntled employees) Cyber-attacks (e.g., to disrupt or deface the organization, to steal financial information, to… Malware (e.g., viruses, worms and Trojan horses) Phishing/ spam P 1 P 2 P 3 P 4 P 5 P 6
- 8. Page 8 Incident Response Framework Over 70% of our respondents have a defined cyber security incident management program. While 84% of organizations with a cyber security incident management program have a dedicated Incident response team set up within their organization. Organizations are taking steps to improve their incident management posture; have initiated cyber security incident programs and trying to include business teams to assist in cyber security incident management program. 84% 61% of organizations have an Incident response team (IRT) in place without a cyber security incident management program. 61%
- 9. Page 9 Where should organizations focus to better resist today’s attacks? The point noted also get further strengthened by the fact that: 36% of organizations believe that higher professional staffing and training would help in improved incident response, this is followed by development of an improved patch management process. 37% of the organizations that have a dedicated IRT believe that the staff is not adequate and require additional skills and trainings. Incident response team must deliver 14% 8% 18% 24% 36% Better incident response capabilities Threat intelligence Improved vulnerability audits and assessments Improved patch management process Higher professional staffing and training 87% organizations have a defined process for communication.
- 10. Page 10 Collaboration is vital 75 47 50 14 CERT- Computer Emergency Response Team Law enforcement and government entities Industry peers We neither receive or share any information 87% of organizations receive or share information with CERT, Law enforcement agencies and industry peers. Potential Collaboration within the ecosystem
- 11. Page 11 Effective measurement is critical 47% of the respondents who don’t have defined indicators have suffered a cyber attack in the last 12 months. 47% The indicators shall be evaluated to find out the status of effectiveness of current cybersecurity framework. 70% respondents have defined performance indicators to measure the effectiveness of the program. 16% 20% 21% 12% 31% No defined frequency/ adhoc basis On a monthly basis On a quarterly basis On an annual basis On an ongoing basis
- 12. Page 12 The board must become more involved in cybersecurity and understand cyber risk The board must understand: ► The suitability of the governance structure ► The appropriateness of the cyber risk management program ► The appropriateness of the cyber risk disclosures required by regulators ► How insider threats should be managed
- 13. Page 13 Just protecting your organisation isn’t enough anymore Guiding Principles ► Focus on impact ► Enhance cyber skills and capabilities ► Benchmark results Strategic Goals ► Protect Crown Jewels ► Determine risk appetite ► Set up Operating Model and Culture Detect GovernRespond Protect Recover Identify Based on Cybersecurity framework
- 14. “It is going to be a continual and likely never-ending battle to stay ahead of [cybercrime] - and, unfortunately, not every battle will be won.” Jamie Dimon, after JP Morgan Chase’s breach
- 15. Page 15 Jaspreet Singh Partner, Advisory Services Jaspreet.singh@in.ey.com Let’s Connect
- 17. Page 17 Survey methodology 106 respondents 19 industry sectors 2.9% 18.6% 2.0% 1.0% 3.9% 6.9% 2.9% 7.8% 2.9% 9.8% 22.5% 3.9% 2.9% 2.0% 3.9% 2.0% 2.0% 1.0% 1.0% Automotive Banking Building Materials Business Services Consulting and advisory… Telecommunications Engineering Finance Healthcare Insurance IT Consulting and Services Manufacturing Retailing Media Energy and Infrastructure Law and Legal Outsourcing Processed Products Electric Utility Logistics and supply chain Respondents by industry sector
- 18. Page 18 Survey methodology 40% 16% 44% 1000 to 10000 Less than 1000 More than 10000 Respondents by number of employees 8% 35% 57% 1 Million USD 100 Million USD more than 100 Million USD Respondents by total annual company revenue