Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/14/2020
01:50 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Osterman Research Finds Cyber Crisis Preparation Failing to Adapt to Modern Threats

Despite pace of the threat landscape, over a third of organizations leave a year or more between cyber crisis simulations and 42% don't have regular cross-team incident planning.

Boston, MA and Bristol, England (August 12, 2020) – Today, a stark disconnect exists between the inadequacy of crisis exercising and the desire to build an effective cyber crisis response function, according to a new Osterman Research study published in association with Immersive Labs. The report into senior security leaders at 402 organizations with an average of 1900 employees in the US and UK found nearly 40% are not fully confident in their teams training to handle a data breach if one happened that week. 

Looking at the evolution of ransomware alone, the number of ransomware detections in business environments rose by 365% between Q2 2018 and Q2 2019, and global organizations have seen a 148% spike in ransomware attacks amid COVID-19. Meanwhile, more than a third of organizations surveyed say they space their tabletop exercises a year - sometimes two - apart, with most (65%) consisting of reviewing PowerPoint slides. In fact, slide-based sessions are nearly 20 times more common than practicing simulations and most (64%) ran three or fewer scenarios during their last exercise.

“If you did your ransomware training in January, you’re likely five ransomware techniques behind the curve now,” said James Hadley, CEO of Immersive Labs. “With three quarters of organizations agreeing that business continuity was at the forefront of their minds, it is time to close the gap between attackers and defenders and shake up the outdated status quo. This requires faster, shorter crisis drills run with the people you will be standing shoulder to shoulder with when the worst happens. Crisis exercises must be made more contemporary.”

Additional key takeaways from the research report are highlighted below, spotlighting the need for more –and modernized – cyber training across organizations, not just on the security team:

Over reliance on plans contributes to low Incident Response (IR) confidence: Despite organizations’ low confidence in their IR preparedness, the majority (61%) of respondents think having an IR plan is the single most effective way to prepare for a security incident. In fact, twice the amount of respondents thought an IR plan was more effective than regular table-top crisis exercising. When they do perform crisis exercises, nearly 40% of all senior security leaders surveyed said the last exercise generated no action from the business.

Only a fraction of people who will be involved in a real crisis are presen tin training: A quarter of organizations surveyed ran crisis exercises without senior cybersecurity leadership in attendance, and only 20% of exercises involved communications team members, although the survey showed impact on brand is more important in security leaders’ minds when running crisis exercises at 47%, than share price (24%) or liquidity (27%). Nearly half of security leaders said their organizations do not have a cross disciplinary cyber crisis group, of those who do, only 17% met monthly.

The pandemic exacerbates challenges with the human factor: 20% of respondents said they find it impossible to effectively involve people in crisis response remotely from other geographies. Add to that, the human element of the cyber equation is being overlooked by crisis response exercises with only 15% saying they are focused on stress testing human cyber readiness.

Technology investments can’t save an organization alone, it’s time to focus on people: Nearly 60% of respondents think the best way to prepare for a crisis incident is to buy more technology, and more are interested in covering themselves legally (38%) than running effective tabletop exercises and fire drills to train their teams (32%).

“Dusting off the three-ring binder crisis plan does not cut it today,” added Hadley. “In the first 30 minutes of a crisis, it is highly unlikely you’re thinking of your plan. It’s the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents. Micro- drills, or very focused exercises, designed to address particular risks must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective.”

Immersive Labs is addressing this need for more hands-on, repeatable crisis training with the release of its Cyber Crisis Simulator that allows people to continually test their organization’s reactions to the latest real-world attacks and is designed to be relevant to everyone from legal and communications teams, to cybersecurity specialists. With the Cyber Crisis Simulator, this is delivered through a browser, allowing a resource for consistently improving and measuring cyber awareness.

About Immersive Labs Immersive Labs is empowering organizations to equip, exercise, and evidence human cyber capabilities. We provide metrics that give security leaders insight into human cyber skills and readiness levels across their organization and improve these through dynamic labs and crisis scenarios which track the threat landscape. Immersive Labs is backed by Goldman Sachs and Summit Partners and our customers include some of the largest companies in financial services, healthcare, and Government, amongst others. For more information on Immersive Labs’ offering, please visit www.immersivelabs.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9982
PUBLISHED: 2020-10-27
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials.
CVE-2020-3855
PUBLISHED: 2020-10-27
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.
CVE-2020-3863
PUBLISHED: 2020-10-27
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges.
CVE-2020-3864
PUBLISHED: 2020-10-27
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
CVE-2020-3880
PUBLISHED: 2020-10-27
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbit...