Rise in cyber attacks placing greater focus on incident response
Organizations have long focused their cyber security efforts around prevention, but with the sophistication and frequency of attacks increasing more are beginning to prioritize incident response teams of specialists trained to address and defeat attacks, according to a report from security provider BAE Systems.
The company surveyed more than 150 board level executives, IT decision makers, and information security professionals in the U.S., U.K., and Canada, and found that many organizational data breaches are caused by human error, with attackers preying on human nature and employees making honest but costly mistakes in the course of their daily routine.
Many of the incidents were phishing attacks (71 percent) or untargeted viruses or malware (65 percent).
Incident response teams are dealing with an increasing number of incidents per month, the report said, with 66 percent of organizations responding to between one and 25 cyber security incidents per month; and 26 percent responding to between 25 and 99 incidents per month.
Many of the organizations are not prepared to respond to cyber threats, the study noted. Just less than one quarter (23 percent) of incident response teams do not conduct readiness exercises with senior management, missing an opportunity for both executive buy-in and staff skill development. And 22 percent only have temporary or no incident response resources in place.