IBM says automation is the next big step in cyber security

The fourth IBM cyber security survey has revealed how unprepared companies are for a cyber attack. How can they remedy this? IBM says automation is the next big step in cyber security image

The fourth IBM cyber security survey reveals how unprepared companies are for a cyber attack. Despite widespread acknowledgement that a strong cyber security response plan can save companies significant damages in the wake of an attack, the study shows that many organisations still do not have an incident response plan in place – and those that do have a plan are not testing it regularly.

This is especially concerning given that in the past two years 56% of UK organisations surveyed experienced a data breach, and 62% said they experienced a cyber security incident.

These incidents seem to be coming thick and fast with 50% of the organisations that experienced a data breach saying they experienced two to three times in the year and 19% of those had experienced more than five.

According to the survey, 61% of organisations say the volume of incidents has increased and 70% say the severity has increased.

Yet, 48% believe cyber resilience has improved.

How can this be the case? As it seems that for most firm’s cyber security incidents are a regular occurrence and when they do happen, they’re worse than ever.

Automate… under half? Fewer than 50% of enterprises have deployed intelligent automation technology

86% of IT executives surveyed by Appian believe human work, AI systems and robotic automation must be well-integrated by 2020 — but only 12% said their companies do this really well today

“Failing to plan is a plan to fail”

“Failing to plan is a plan to fail when it comes to responding to a cyber security incident,” said Ted Julian, VP of product management and co-founder, IBM Resilient.

Of those surveyed, 51% said they experience frequent disruptions to business processes or IT. On top of this, 75% of respondents said they do not have a Computer Security Incident Response Plan (CSIRP) that is applied consistently across the entire enterprise. And of the organisations that do have a CSIRP in place, 45% do not test plans regularly or at all.

However, in Julian’s opinion, this is not the way go about things: “These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program.

“When proper planning is paired with investments in automation, we see companies able to save millions of dollars during a breach.”

Studies show that companies who can respond quickly and efficiently to contain a cyber attack within 30 days save over $1 million on the total cost of a data breach on average.

It does seem that awareness amongst firms regarding the necessity of cyber security has increased though — a good sign. The time to detect, contain and respond to incidents has increased significantly, according to 30% of respondents.

Vigilante cyber security: collaboration is better than proactive cyber security

Can organisations realistically go on the offensive? Jonathan Couch saddles up to fire-off some words about proactive cyber security, it seems it helps if they can gather up a posse first, because proactive collaborative cyber security can work. Read here

So what about automation?

For the first time, this year’s study measured the impact of automation on cyber resilience. These technologies depend upon artificial intelligence, machine learning, analytics and orchestration.

When asked if their organisation leveraged automation, only 23% said they were significant users, whereas 77% reported their organisations only use automation moderately, insignificantly or not at all.  Organisations with the extensive use of automation rate their ability to prevent (69% vs. 53%), detect (76% vs. 53%), respond (68% vs. 53%) and contain (74% vs. 49%) a cyber attack as higher than the overall sample of respondents.

Considering this, it’s a wonder that 76% of senior managers who find it difficult to hire and retain IT security personnel don’t change their approach. Only 18% reported using automation significantly in their organisation.

Cyber security best practice: Definition, diversity, training, responsibility and technology

As part of Information Age’s Cyber Security Month, we look at cyber security best practice – everything from defining it to the importance of training. Read here

Latest news

divider
Recruitment
In the world of AI recruitment, the human touch is still essential

In the world of AI recruitment, the human touch is still essential

18 April 2019 / Most HR managers concur that AI is helpful in performing some of the tasks related [...]

divider
Data Analytics & Data Science
Balance sheets and staff remuneration — the value of data is rocketing

Balance sheets and staff remuneration — the value of data is rocketing

18 April 2019 / Property is an asset — it often sits on a balance sheet as one of [...]

divider
Business Skills
Business-orientated IT teams will become a must for the enterprise

Business-orientated IT teams will become a must for the enterprise

18 April 2019 / Are specialist networking professionals in IT teams a dying breed? According to three-quarters (72%) of [...]

divider
Diversity
Hootsuite’s Penny Wilson on sidelining ‘bro cultures’ to achieve real tech innovation

Hootsuite’s Penny Wilson on sidelining ‘bro cultures’ to achieve real tech innovation

18 April 2019 / Penny, how easy was it to develop and progress in an industry that is traditionally [...]

divider
Business Skills
Break down data silos and put data into the hands of the many

Break down data silos and put data into the hands of the many

17 April 2019 / Gone are the days whereby it is acceptable for data silos to exist. A siloed [...]

divider
Data Protection & Privacy
The role of CDOs: a more strategic approach to data and digital transformation

The role of CDOs: a more strategic approach to data and digital transformation

17 April 2019 / Demands on Chief Data Officers (CDOs) are growing. Data is now an in-demand commodity. But [...]

divider
Research
Data-driven business initiatives are failing

Data-driven business initiatives are failing

17 April 2019 / Data-driven business is the new breed of enterprise and start-up alike in the digital economy. [...]

divider
Cybersecurity
Does your vendor run security checks on their products?

Does your vendor run security checks on their products?

17 April 2019 / Recent vulnerabilities discovered in Huawei and Asus laptops have highlighted the importance of vendors carrying [...]

divider
Cybersecurity
Tech Nation’s national cyber security growth programme revealed

Tech Nation’s national cyber security growth programme revealed

17 April 2019 / Tech Nation, the UK network for digital tech entrepreneurs, has revealed the 20 fast-growth cyber [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest