77% of organisations “unprepared for cyber security incidents” states NTT Com Security’s Global Threat Intelligence Report

Organisations remain unprepared and without a formal plan to respond to cyber security incidents. That’s according to the annual Global Threat Intelligence Report (GTIR) produced by NTT Com Security. Analysing global threat trends since 2013, the 2016 report reveals that there has been little improvement in preparedness, with the latest figures indicating a slight increase in organisations that are not properly prepared, despite the rise in security attacks and data breaches.

Pulling information from 24 Security Operations Centres, seven R&D Centres, 3.5 trillion logs and 6.2 billion attacks in 2015, the GTIR shows that, over the last three years, on average 77% of organisations fall into the ‘unprepared’ category, leaving just 23% with the capability to respond effectively to critical security incidents.

“Prevention and planning for cyber security incidents seems to be stagnating,” commented Garry Sidaway, vice-president for security strategy and alliances at NTT Com Security. “This is a real concern and could be down to a number of reasons, not least the possibility of security fatigue – too many high profile security breaches, information overload and conflicting advice – combined with the sheer pace of technology change, lack of investment and increased regulation.”

Sidaway continued: “Facing security challenges that didn’t exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope. Our mantra is that prevention’s better than cure. Make sure the security basics are right, including having a clear, well-communicated Incident Response Plan in place.”

Although financial services was the leading sector for incident response in previous annual GTIR reports, the retail sector now takes the lead with 22% of all response engagements (up from 12% the previous year). Retail, which is a popular target due to processing large volumes of personal information such as credit card details, experienced the highest number of attacks per client.

Key incident response statistics 

* The report shows an increase in breach investigations, with 28% in 2015 compared to 16% the previous year. Many incidents are focused on the theft of data and intellectual property.

* Internal threats jumped to 19% of overall investigations (from 2% in 2014). Many of these were the result of employees and contractors abusing information and computing assets.

* Spear phishing attacks accounted for approximately 17% of incident response activities in 2015, up from 2% previously. Many of these attacks related to financial fraud targeting executives and finance personnel, with attackers using clever social engineering tactics (such as enticing organisations to pay fake invoices).

* Despite a rise in Distributed Denial of Service (DDoS) hacking groups like DD4BC and Armada Collective, the GTIR noted a drop in DDoS-related activity compared to the previous two years. This is likely to be due to an investment in DDoS mitigation solutions.

Incident response recommendations

(1) Prepare incident management processes and “run books” 

Many organisations have limited guidelines describing how to declare and classify incidents, even though these are critical to ensuring that a response can be initiated. Response activities will differ considerably depending on the type of attack, its potential impact and other factors. Common practices for incident response also suggest that organisations should develop “run books” to address how common incidents should be handled in their environment.

(2) Evaluate your response effectiveness

When incidents occur, the last thing you want is to lack an understanding of standard incident response operating procedures. Evaluation of preparedness should include regular test scenarios. Consider post-mortem reviews to document and build upon response activities that worked well, and to address areas needing improvement.

(3) Update escalation rosters

As organisations grow and roles change, it’s important to update documentation related to who’s involved in incident response activities. Time is critical to incident response. Not being able to quickly involve the correct people can hamper your effectiveness. Updating contact information for vendors such as your Internet Service Provider, external incident response support and other providers is just as important.

(4) Prepare technical documentation

To make accurate decisions and identify impacted systems, you must have comprehensive and accurate details about your network to hand.

*Download the 2016 GTIR report: https://www.nttcomsecurity.com/en/landingpages/gtir-2016

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)
