Organisations remain unprepared and without a formal plan to respond to cyber security incidents, according to the annual Global Threat Intelligence Report (GTIR) announced by NTT Com Security.
Analysing global threat trends since 2013, the 2016 report reveals that there has been little improvement in preparedness, with the latest figures indicating a slight increase in organisations that are not properly prepared, despite the rise in security attacks and data breaches.
Pulling information from 24 security operations centres, seven R&D centres, 3.5 trillion logs and 6.2 billion attacks in 2015, the GTIR shows that over the last three years, on average 77% of organisations fall into the ‘unprepared’ category, leaving just 23% with the capability to respond effectively to critical security incidents.
Incident response statistics from the 2016 GTIR also highlighted:
- An increase in breach investigations, at 28% in 2015 compared to 16% the previous year, with many incidents focused on theft of data and intellectual property.
- Internal threats jumped to 19% of overall investigations – from 2% in 2014. Many of these were the result of employees and contractors abusing information and computing assets.
- Spear phishing attacks accounted for approximately 17% of incident response activities in 2015, up from 2% previously. Many of these attacks related to financial fraud targeting executives and finance personnel, with attackers using clever social engineering tactics, such as getting organisations to pay fake invoices.
- Despite a rise in DDoS hacking groups like DD4BC and Armada Collective, the GTIR noted a drop in DDoS-related activity compared to the previous two years. This is likely to be due to an investment in DDoS mitigation tools and services.
Incident response recommendations
In light of these worrying findings, the following incident response measures are recommended:
- Prepare incident management processes and “run books” – Many organisations have limited guidelines describing how to declare and classify incidents even though these are critical to ensure a response can be initiated. Depending on the type of attack, potential impact and other factors, response activities will be very different for each. Common practices for incident response also suggest organisations should develop “run books” to address how common incidents should be handled in their environment.
- Evaluate your response effectiveness – When incidents occur the last thing you want is to lack an understanding of standard incident response operating procedures. Evaluation of preparedness should include regular test scenarios. Consider post-mortem reviews to document and build upon response activities that worked well, as well as areas needing improvement.
- Update escalation rosters – As organisations grow and roles change, it is important to update documentation related to who is involved in incident response activities. Time is critical to incident response and not being able to quickly involve the correct people can hamper your effectiveness. Updating contact information for vendors such as your ISP, external incident response support, and other providers is just as important.
- Prepare technical documentation – To make accurate decisions and identify impacted systems, you must have comprehensive and accurate details about your network.
The 2016 GTIR report can be downloaded here.