A majority of global organisations are facing waves of cyber-attacks which not only drain resources but also impact their effectiveness in dealing with security incidents.
On an average, UK firms perform better when dealing with security incidents compared to their European counterparts.
A survey of 600 senior security professionals from a similar number of global organisations conducted by IDC has revealed the true impact of cyber-attacks on global organisations as well as how they are dealing with multiple security incidents.
The survey reveals that on an average, as many as 62% of all firms are facing cyber-attacks at least once a week, with around 20% facing them on a daily basis. The brunt of the cyber-attacks is faced by larger firms which employ more than 1,000 people with 68% of such large firms facing weekly cyber-attacks. Among firms employing between 1,000 and 5,000 people, only 4% face cyber-attacks continuously, 2% face cyber-attacks hourly, 23% face daily, 39% face weekly and 25% face monthly cyber-attacks.
Among all UK firms, 28% of them face weekly cyber-attacks, 26% face them once in a month, 24% face them daily and around 14% do not face security incidents at all. On an average, organisations in the UK encounter more security incidents on a daily basis compared to organisations in France, Germany and Sweden. The IDC survey also revealed that organisations in the UK are second only to US firms when it comes to facing security incidents.
Such recurring security incidents are taking a toll on organisations everywhere who have to spend more time and resources on analyzing and assessing security incidents continuously. The IDC survey notes that only 47% of all organisations gather enough information about those incidents to enable appropriate or decisive action and only 27% of all organisations believe they are coping well with such incidents. At the same time, one in every three organisations believes they are “constantly firefighting" to take care of emerging incidents.
Considering that organisations, especially larger ones, are now facing continuous waves of cyber-attacks, the amount of time they need to investigate security incidents is huge. Not only are organisations struggling with a skills shortage, but repeated cyber-attacks are also crippling their efforts to improve security capabilities. Out of 600 security professionals covered by the IDC survey, over half of them said that since existing resources are too busy on routine operations and incident investigation, they have little time to improve cyber-security protocols.
“The amount of time companies are spending on analyzing and assessing incidents is a huge problem. The highest-paid, most skilled staff are being tied up, impacting the cost and efficiency of security operations. This is exacerbated when considered alongside the security skills shortage, which has the most impact in high-value areas like incident investigation and response. Organizations must ensure that they are using their data effectively to gain key insights quickly to determine cause and minimize impact,” said Duncan Brown, associate VP for security practice at IDC.
Despite such challenges, organisations in the UK are better placed in tackling security incidents and have so far resolved individual incidents quicker compared to their European counterparts. As many as 37% of UK firms said they coped comfortably with security incidents and 22 per cent of UK firms can resolve incidents in 24 hours, compared to 13 percent overall.
Despite leading in these fields, UK firms need to do a lot more to tackle cyber-threats more convincingly. Resolving security incidents within the first 24 hours can prevent large-scale data breaches and can also save a lot of money, resources, and reputation. With only one in five firms capable of doing so at present, the scope for improvement is quite large at present.
“It’s time to change how we approach incident response. As attacks become more advanced, frequent, and take advantage of IT complexity, we must become proactive in our approach to security – how else will we know we have been breached?" said Haiyan Song, senior vice president for security markets at Splunk.
"As demonstrated by the swift, global spread of WannaCry, it has never been more important for organizations to proactively monitor, analyze and investigate to verify whether there are real threats, then prioritize and remediate the most critical. By taking an analytics-driven approach, and increasingly automating when possible, security teams can shorten investigation cycles, respond quickly and appropriately in the event of a compromise, free up resources to focus on more strategic initiatives and ultimately improve security posture,” he added.