«Incident Response Management»: Attitudes of European EnterprisesElevenPaths 19 junio, 2015 We have recently sponsored a new research study conducted by Pierre Audoin Consultants, PAC, focused on «Incident Response Management». The results detailed are compiled from a survey conducted among large enterprises in France, Germany and the United Kingdom. The report provides key insights into the reality of security breaches and how enterprises are dealing with the current threat landscape. 67% of companies report that they were breached last year and all admit to having been breached at some point in the past. 43% of those companies rate the incident severity high or very high. With an average direct cost of €75k per breach plus indirect costs associated with taking one to six person months to recover from a breach companies have to accept that breaches are inevitable and adapt their strategies accordingly to face this new reality. Not surprisingly over the next two years companies expect a shift in their security budgets between the traditional protect and prevent services versus detection and response from a ratio of 4:1 to 3:2. The shift towards a proactive security strategy We believe this trend will only accelerate and that incident response is an important element of a more proactive security strategy being employed by enterprises. This new threat landscape is reflected in the standardized security services within our portfolio designed to detect and mitigate security incidents, including Phishing or Malware, Brand Abuse, Pharming and the ongoing concerns associated with Customer Credential Markets. In addition we provide customised solutions and expert teams to support enterprises address advanced incidents including forensic analysis. We continue to invest in the development of our Cybersecurity services portfolio in order to provide enterprises with actionable intelligence to help them identify the impact of attacks on their business. This includes insight into the effects on their brand and reputation across their digital estate, including the internet, web portals and social networks, the detection of online fraud and the identification of threat actors, their motivations and attack methodologies. Security technology provides an incredible amount of data. This drives a key challenge within the security industry, the need to rationalise this data and identify a clear picture of what is occurring and what it means. Importantly, much of the relevant information lies outside of the enterprise, driven by the fact that there is no longer a defined perimeter and because most of the threats are executed via the internet. It is crucial that we are able to provide insight into the current security landscape and clearly articulate the current status for enterprises. Not surprisingly, the PAC study details how companies are challenged by the lack of in-house threat intelligence skills with 38% of security teams identifying this as their main source of concern. Don’t just stand there, prepare! Detecting an incident rapidly and effectively means that enterprises need to be ready. The need to prepare and react are two sides of what is usually a single problem. When we consider the need to prepare for a cyber-incident response it is clear that while incidents are out of our control, in that we cannot predict who will attack, when it will occur or what will happen, organizations crucially should expect an attack and be prepared to react appropriately. 86% of enterprises recognise this and within the research identified the need to be ready as central to their strategy. This proactively manifests itself in the form of implementing strategies that will help if and when the breach happens. This includes a CyberIncident Response Strategy or Plan that is maintained and tested. It includes a crisis handling plan, roles and responsibilities post-discovery and communication plans etc. By having these key items in place and creating controls that allow the discovery of incidents, companies are better prepared for an organized post-incident response. To notify or not notify, that is the question The new European regulation with the inclusion of the mandatory breach notification is yet to be issued, however, companies are exploring what this will mean to their businesses. 87% of respondents indicated concern with regard to this change. Responding to an incident is not only a technological challenge it has a negative impact on a number of elements within any organization. The technological response mainly addresses the need to safeguard core aspects including communication, both internal and external, minimizing business operational impact and ensuring continuity. Breach notification requires technological support which produces the right type of information in a reasonable timeframe but also a communications challenge to ensure that any public announcement is effectively managed. This is reflected in the responses captured. 71% of respondents raised this as a key concern whilst 52% considered this a more important challenge than the technical issue. As the legislation initiative evolves, the need for enterprises to develop their cyber-incident response plans becomes paramount in order to be able to manage these issues. We believe this is why increasingly cyber-incident response plans are either linked or even included in the business continuity plan. Many of the softer skills required to manage an incident, will be the same regardless of the nature of the incident. As the market matures, and with a greater understanding of the cyber-risks and the associated importance of these risks increases for enterprises, the concept of Cybersecurity will be considered as another source of risk, to be managed in a consistent way. I’m in trouble. Can you help? The final part of the report assesses the strategy of outsourcing as a potential approach to addressing cyber-incident response. 69% of participants indicated that they have a combination of both internal and external staff dealing with security incidents. While initially this number appears surprisingly high, in retrospect, given that the severity, complexity and impact of incidents vary widely, it seems reasonable that companies adopt a human resources strategy which is flexibly designed to provide a range of capabilities in order to be ready for a different types of incidents. This is especially relevant when considering that companies often utilise external resources to support the management of standard security incidents which allow them to focus on more strategic security issues. Once an organisation is aware of an incident they are immediately concerned with its containment and resolution. A breach will not solve itself, or simply disappear, hence its damaging effects continue to grow. This explains why respondents cite quality, speed and knowledge in preference to the more traditional reasons for outsourcing, which normally include cost or budgetary flexibility. We understand this important requirement and provide key performance indicators for the time taken to close an incident as part of our on-line portal for our cyberincident response services. Telefónica is both an ISP and an IP backbone provider and we have extensive experience in managing security inside our global and national networks as this is a core requirement for our business. We can leverage that experience as well as our cloud and network assets in order to deliver comprehensive managed security services. We believe that within Cybersecurity we can provide a comprehensive and end-to-end view of the security challenges faces enterprises from the generation of threat intelligence through to incident response where our experience and our network enable us to use network-based mitigation measures. You can now download the study conducted by the consultancy company Pierre Audoin Consultants (PAC) and supported by Telefónica: » Download the executive summary of the “Incident Response Management: How European Enterprises are Planning to Prepare for a Cyber Security Breach”. » Download the full study “Incident Response Management: How European Enterprises are Planning to Prepare for a Cyber Security Breach”. Luis Francisco González Twitter: @lfghz Qué hemos presentado en el Security Day 2015 (III): un combinado de Tacyt y SinfonierTelefónica Trend Report: The PoS Malware threat in 2015
Roberto García Esteban ChatGPT y Cloud Computing: un matrimonio bien avenido ChatGPT (quizá no sepas que son las siglas de Chat Generative Pre-Trained Transformer) está en boca de todos por su impresionante habilidad para generar textos que parecen escritos por...
David Prieto Marqués La importancia del control de acceso: ¿está tu empresa protegida? Por David Prieto y Rodrigo Rojas En un mundo cada vez más digitalizado y complejo, la seguridad de la información es fundamental para las empresas. A medida que las empresas...
Telefónica Tech Boletín semanal de Ciberseguridad, 22 – 26 de mayo GitLab parchea una vulnerabilidad crítica GitLab ha abordado una vulnerabilidad crítica que afecta a GitLab Community Edition (CE) y Enterprise Edition (EE) en la versión 16.0.0. En concreto, dicho fallo...
David García ¿Salvará Rust el mundo? (II) Segunda entrega en la que descubrimos cómo Rust, el lenguaje de programación de código abierto centrado en la seguridad, mejora el panorama en cuanto a vulnerabilidades basadas en errores...
Sergio de los Santos Cuatro hitos en Ciberseguridad que marcaron el futuro del malware Un recorrido por los 15 años que ha dedicado Microsoft para consolidar una estrategia que ha repercutido en la Ciberseguridad a nivel global
Telefónica Tech Boletín semanal de Ciberseguridad, 15 – 19 de mayo Vulnerabilidades en plataformas cloud El equipo de investigadores de Otorio descubrió 11 vulnerabilidades que afectan a diferentes proveedores de plataformas de administración de cloud. En concreto, se tratan de Sierra...