Dark Reading is part of the Informa Tech Division of Informa PLC


3/19/2020
10:00 AM
Marc Wilczek
Commentary

Cyber Resilience Benchmarks 2020

Here are four things that separate the leaders from the laggards when fighting cyber threats.

These days, companies that want to compete must go digital. But the digital world has become complex and, in some cases, downright scary. Protecting against the Web's ever-present threats — via cybersecurity — is a tough problem for businesses of any size. But going about it the wrong way by sinking money into the wrong or ineffective solution can result in more than a depleted bank account. It can also ruin the company's brand, reputation, and future earning potential.

The recent "Third Annual State Of Cyber Resilience" report published by Accenture examines how organizations are dealing with their cybersecurity needs and the techniques they can use to do it better. The gap between the top organizations and the laggards is huge: the top firms make the most of their security investments, while the laggards have much lower threat detection rates, greater adverse impacts and downtimes after a cyberattack, and more customer data exposed. Accenture says companies experience an average of 22 security incidents annually, which equals a potential saving of $6 million per year for the laggards.

Here are four things that separate the leaders from the laggards:

1. They use the right metrics.
As costs rise and the number of third-party threats grows, it's even more critical that the money spent on security actually delivers effective and efficient results. Companies that get digital right spend to enhance operational speed, extract value from new investments, and sustain what they have. The laggards zero in on measuring their cyber resilience, but the leaders want to know how quickly they're getting to that destination. In fact, leaders say, the top three metrics of cybersecurity success emphasize speed.

According to Accenture, leaders take pride in how fast they can detect a security breach, mobilize a response, and return to business as normal. They also measure their resiliency — the number of systems that were compromised or stopped, and for how long — and how accurately they were able to pinpoint cyber incidents. While leaders look for speed of threat detection, mitigation, and recovery, the nonleaders are more concerned with the outcomes they want to achieve: cyber operational technology (OT) resiliency, repetition (the portion of breaches that come from repeated attempts of the same type), and cyber IT resiliency.

The nonleaders ought to rethink their priorities to gauge and ramp up how fast they detect, respond, and recover from cyber threats. They should replicate the methods leaders use to assess cybersecurity performance to attain higher levels of resilience.

2. They value speed.
Bouncing back from a security incident quickly is critical to minimizing damage and reducing the impact on the organization. That's why leaders who embrace speed say that 83% of the security incidents they experienced made little or no impact on their organization's operations.

These leaders make the most of current technology. Artificial intelligence (and machine learning) was cited as the No. 1 source to detect and respond to incidents quickly. Such tools enable security leaders to find and remediate damage nearly three times faster than companies that don't use such tools, the report finds.

The nonleaders should think hard about putting money into technologies that enable them to measure their cybersecurity performance through metrics such as faster detection, faster mitigation, and shorter recovery times.

But there are a lot of vendors and tools out there, and many of them are unclear about exactly what benefits they can offer in terms of time to mitigate. If they are clear, they typically only talk about known attack patterns. However, since the threat landscape keeps evolving, organizations must ensure proper safeguards against emerging patterns too. Because there's no time to waste in mitigating the effects of an attack, companies must carefully scrutinize their security-provider service-level agreements and make sure they align with the company's needs.

3. They reduce impacts.
The third point relates to the second, in that failing to take advantage of the most advanced security technology means that attacks can last longer and create greater disruption and higher costs for an organization. Fifty-five percent of the top companies had a business impact that lasted for more than a day. Nearly all (93%) of the laggards made the same claim. Getting the organizational impact down to less than a day is hard — even the leaders struggle to do it — but right now it's a more urgent challenge for the nonleaders who have plenty of room to up their game.

One of the big reasons for failure is that many organizations operate with low degrees of security automation and rely on humans to fend off attacks. However, as anyone who's been paying attention to cybersecurity knows, human error is one of the most-cited reasons for things to go terribly wrong.

That's one reason why, over the last year, 13% of the security leaders faced charges of regulatory violations versus 19% of the nonleaders. Also, 19% of the latter incurred fines, as opposed to only 9% of leaders. Given that the EU's General Data Protection Regulation can levy fines of over $100 million for violations, it's clear that noncompliance could result in fines that are even higher than the already considerable downtime costs.

4. They're team players.
When quizzed on how much collaboration matters, 79% of the respondents in the Accenture survey opined that working with law enforcement, government, and the broader security community will be essential to fighting cybercrime in the future. On that note, organizations that do this best — the ones that employ more than five ways to unite strategic partners, the security community, and internal resources to grow awareness and understanding of cybersecurity issues — are twice as good at protecting themselves against attacks as those who take a less-thorough approach.

On top of this, corporate governance is also undergoing some changes. Reporting security matters to the CEO has increased by 8 percentage points, but reporting to the board has shrunk by 12%. Direct reports to the CIO are down about 5% year-on-year — reducing a possible conflict of interest between both realms — with a general drift to the CTO of about 10% over the same period, the Accenture report highlights.

Staff and employee training is one more big area for improvement. Thirty percent of the security leaders said they train more than three-quarters of the people who need training on new security tools. Among nonleaders, the figure is only 9%.

Conclusion
If there's anything the Accenture report shows, it's that everyone — even the security leaders — can do better. Whether they are leaders or laggards, organizations should look hard at where they're falling short and make every effort to improve.

In every case, putting money into boosting operational speed, extracting value from security investments, and stewarding what they have will put an organization on the right road to effective cybersecurity. Those who do this best tend to choose advanced technologies that help them detect and respond to cyberattacks fast. Once they settle on a security solution, they roll it out quickly.

In fact, the number of leaders who invest over one-fifth of their budget in advanced technologies has grown twofold over the past three years. As a result, these leaders have become more confident in their ability to extract more value from their investments and are outperforming companies that don't take the same rigorous, proactive approach to cybersecurity.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...