According to a report from RSA, the security division of EMC, a majority of organizations are not following incident response best practices and are not well prepared to face the challenges of today’s advanced cyber threats.
The survey focused on measures within four major areas of breach readiness and response: Incident Response, Content Intelligence, Analytic Intelligence, and Threat Intelligence. The results suggest that organizations continue to struggle with the adoption of technologies and best practices that will allow them to more effectively detect, respond to, and disrupt the cyberattacks that turn into damaging breaches.
According to RSA, incident response is a core capability that needs to be developed and consistently honed to face the increasing volume of cyberattack activity effectively. However, 30% of the organizations surveyed at large do not have a formal incident response plan in place, and, of those that do, 57% admit to never updating or reviewing it.
“Organizations are struggling to gain visibility into operational risk across the business,” explains Dave Martin, Chief Trust Officer, RSA. “As business has become increasingly digital, information security has become a key area of operational risk, and while many organizations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile.”
In the general survey, 72% of participants have access to malware or endpoint forensics; however, only 42% have capabilities for more sophisticated network forensics, such as full packet capture and NetFlow analysis.
The survey results also indicated that only 43% of the survey participants at large are leveraging an external threat intelligence source to supplement their efforts.
“People and process are more critical than the technology as it pertains to incident response,” says Ben Doyle of RSA. “First, a security operations team must have clearly defined roles and responsibilities to avoid confusion at the crucial hour. But it is just as important to have visibility and consistent workflows during any major security crisis to assure accountability and consistency and help organizations improve response procedures over time.”
Attackers continue to exploit known but unpatched vulnerabilities in damaging breaches. Despite this being common knowledge, the survey found that 40% of the general survey population does not have an active vulnerability management program in place, making it harder to keep their security programs ahead of attackers.