Almost half of respondents to the latest Twitter poll run by Infosecurity Europe, Europe’s number one information security event, admit they would be completely unaware if a cyber breach occurred in their organisation. The poll was designed to explore incident response, an area that has come under recent scrutiny following Travelex’s response to its New Year’s Eve cyberattack, which left many of its systems down and impacted travel currency sales.
In answer to the question: ‘If a cyber breach occurred, how quickly could you discover it?’, 31.5% of respondents said they would discover it immediately, 14.3% within 30 days and 6.6% within 200 days. However, a shocking 47.6% conceded they simply would not know.
According to Maxine Holt, Research Director at Ovum, this reflects a widespread issue. “Discovering a breach well after the event is usual. Uncovering breaches is not easy, but proactive threat hunting is an approach being increasingly used by organisations. Regularly scanning environments to look for anomalies and unexpected activity is useful, but it can be difficult to deal with the number of resulting alerts. Ultimately, effective cyberhygiene involves having layers of security to prevent, detect and respond to incidents and breaches.”
Good incident response demands good risk insight. The poll examined this by asking, ‘What understanding do you have of your information assets?’ A worrying 44.7% revealed they had ‘very little’ understanding and 30.7% stated they had ‘some’, while only 24.7% said their grasp was ‘comprehensive’.
Bev Allen, Head of Information Security Assurance, CISO, Quilter, said: “Many companies don’t know what or where all their information assets are. They may think they do, but if they’re wrong this leaves them vulnerable to breaches. Consistent knowledge of your assets takes effort; you need tools and systems to record what you have, you need people to follow appropriate processes and you need to search to find out what you don’t know about and where it is. This search must be done regularly.”
Steve Trippier, CISO of Anglian Water, believes the ‘knowledge gap’ is due to a lack of awareness of the need for effective asset management. “It often falls behind other processes in terms of priorities as its value can be less immediately obvious. As more companies introduce automated vulnerability discovery and management, the need for effective asset management will become very obvious, especially as cyber teams highlight vulnerabilities on assets that the organisation forgot it even had.”
The poll also uncovered potential evidence of skewed priorities around post-breach actions. Travelex released a series of statements after its December attack, but received criticism from customers for a lack of information about when service would return to normal and whether sensitive customer data had been accessed, as the gang behind the attack claimed.
In response to the question, ‘What is the key priority when dealing with the fallout of a major cyberattack?’, getting back to business topped the list for 42.4% of respondents, followed by customer communications and PR (23.6%), engaging law enforcement (19.4%) and ensuring compliance (14.6%). This indicates that more time and energy might need to be refocused on the communication side of incident response.