Three Ways to Become More Cyber Resilient: Findings From Ponemon’s New Study
Last month, we released findings from the Ponemon Institute’s second annual study on cyber resilience, titled “The 2016 Cyber Resilient Organization.” The report assessed organizations’ ability to respond to and recover from cyberattacks and identified the top challenges facing IT professionals today.
When we compared this new data to last year’s results, it was clear that organizations were still unprepared to deal with cyberattacks. In fact, it’s actually getting tougher: Only 32 percent of IT and security professionals reported that their organization had a high level of cyber resilience, down from 35 percent in 2015.
The study also provided insights into the challenges that impede organizations from improving their resilience. For example:
- Two-thirds (66 percent) cited “insufficient planning and preparedness” as a top barrier to cyber resilience.
- About 41 percent said the time to resolve a cyber incident has increased or increased significantly, while only 31 percent said it has decreased.
- A whopping 75 percent admitted their organization lacks a formal, consistent incident response (IR) plan.
Three Ways to Become Cyber Resilient
It’s clear that the challenges are significant and steep. The good news is that the study offered organizations steps to increase cyber resilience. Below are three initiatives outlined in the report that organizations can implement today:
1. Prioritize Planning and Preparation
Improved cyber resilience starts by preparing for cyberattacks. Respondents said that “preparedness” is the single most important factor to achieving cyber resilience.
Security leaders should work toward building consistent and repeatable workflows to quickly investigate and mitigate cybersecurity incidents.
2. Improve Incident Response Across People, Processes and Technology
It’s critical to establish a plan for incident response, but it’s just as important to ensure your plans and workflows are optimized. Security leaders should measure and assess the performance of their IR teams, and streamline and refine processes when needed.
Simulations and tabletop exercises can help ensure that all relevant parties — from the IR team to legal, marketing and executives — are well-versed in the organization’s IR protocols before they’re needed in a real-world incident.
It’s also critical to arm your team with the proper technology. According to respondents, an incident response platform (IRP) is among the most effective security technologies for helping organizations become cyber resilient.
3. Leverage Threat-Sharing Programs
Threat intelligence and threat sharing continue to present a seemingly equal amount of promise and concern for organizations. About half of respondents said their organization participates in an initiative or program for sharing information with government and industry peers. The others are not yet persuaded.
While questions about the cost and usefulness of these programs persist, organizations are increasingly seeing tangible benefits:
- About 81 percent of respondents said threat sharing improves the security posture of their organization.
- Three-fourths (75 percent) of respondents said it increases the effectiveness of their incident response.
- More than half (53 percent) of respondents said it enhances the timeliness of incident response.
It’s important to make threat intelligence work for your specific organization. That includes figuring out how to effectively categorize and act on the intelligence provided as well as filtering out redundancies and noise. When implemented properly, threat sharing can enable important improvements.