Companies are getting better at preventing cyberattacks on their data and IT systems, with 87 per cent of attacks now being blocked, compared to 70 per cent in 2017, according to a study by Accenture. The volume of attacks continues to rise however, with the average number of focused cyberattacks per organisation more than doubling in the past year (232 through January 2018 versus 106 through January 2017, according to figures from Accenture). Companies still face an average of 30 successful security breaches per year, however.
Invest wisely in security
The study also found that only two out of five organisations are currently investing in breakthrough technologies like machine learning, artificial intelligence (AI) and automation to prevent breaches. Accenture Security's Kelly Bissell said that while companies are doing a better job of preventing data from being hacked, stolen or leaked, they still have more work to do. “Building investment capacity for wise security investments must be a priority for those organisations who want to close the gap on successful attacks even further,” she said.
The study also found that:
- companies are detecting security breaches much quicker than in the past: 89 percent of respondents said their internal security teams detected breaches within one month compared to only 32 percent of teams last year;
- companies are relying on collaboration with outside organisations to detect breaches: internal IT teams detect only 64 per cent of breaches.
Achieve better cyber resilience
Five steps organisations can take to achieve cyber resilience include:
- Build a strong foundation. Identify high value assets and harden them. Ensure controls are deployed across the organizational value chain, not just the corporate function.
- Pressure test resilience like an attacker. Enhance red defence and blue defence teams with player-coaches that move between them and provide analysis on where improvements need to be made.
- Employ breakthrough technologies. Free up investment capacity to invest in technologies that can automate your defences. Utilize automated orchestration capabilities and advanced behavioural analytics.
- Be proactive and use threat hunting. Develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for anomalous activity at the most likely points of attack.
- Evolve the role of CISO. Develop the next generation CISO — steeped in the business and balancing security based on business risk tolerance.
CTMfile take: The 2018 State of Cyber Resilience really shows that companies are fighting a huge battle. Even as they get better at preventing attacks, the sheer number of attacks means that an equivalent volume are still successful. The only way to counter this seems to be strategic investment to try to stay a step ahead of cybercriminals.
Cyberattacks triple in financial services sector in past 5 years
Cybercrime has a greater impact on financial services than on any other industry, with greater costs and a higher attack rate, according to research by Accenture and the Ponemon Institute
Fraud’s underground marketplace is targeting your organisation
Symantec Internet Security Threat Report shows fraud is a business and details the best practices to prevent each type of Internet threat
Your biggest enemies – cyber criminals – worry about cash flow too
Cyber criminal organisations are methodical, structured and highly motivated, which means we should all be taking online security very seriously indeed