A security intelligence leader at Lancope and the Ponemon Institute conducted a survey entitled “Cyber Security Incident Response: Are we as prepared as we think?” The Ponemon report says that in the USA and UK, senior managers and CEOs within organizations are not fully prepared for imminent cyber attacks. Therefore, the CSIRT (Computer Security Incident Response Team) in an organization has negligible resources with which to prevent continuous threat attacks.
Lancope and the Ponemon Institute surveyed 674 IT security professionals from the UK and USA who are associated with CSIRT tasks, in order to determine the level of awareness of their CSIRT. Of these, 357 respondents belonged to USA organizations and the remaining 317 respondents belonged to UK organizations.
- A total of 20446 participants were selected, but only 1793 respondents completed the survey.
- Of those, 113 survey results were removed due to reliability issues.
- The final sample was 674 surveys, or a 3.3% response rate.
What is CSIRT?
Generally, a Computer Security Incident Response Team (CSIRT) is a team of security experts that provides services to handle computer security incidents and supports the organization in recovering from such threats.
The Ponemon report focused on four main attacks, which are as follows.
- Distributed denial-of-service (DDoS) attacks
- Insider threats
- Advanced persistent threats (APTs)
We have gathered some important findings from this report:
- 68% of organizations have faced a cyber attack in the past 24 months,
- 46% of organizations accepted that an imminent attack could happen within the next six months,
- 34% of respondents said that they have no proper CSIRT to respond to threats,
- 80% of respondents do not regularly communicate with executive management about potential threats,
- 50% of respondents do not have metrics to measure the effectiveness of incident response,
- Only 20% of respondents regularly communicate with executive management about potential threats,
- 45% of respondents do not receive or share threat intelligence information with other organizations,
- 14% of respondents say that executive management takes part in the incident response process.
The survey also provides recommendations to organizations about their CSIRT, which are as follows:
- Build an incident response team that consists of experienced full-time members.
- Assess the incident response team on an ongoing basis, and define rules of engagement for it.
- Decide on operational metrics to assess the effectiveness of the CSIRT.
- Write the report on the results of the incident response process in user-friendly language for better communication.
- Involve multiple branches and divisions in the incident response process.
- Always share threat indicators with other organizations.
- Finally, invest in security technology that identifies potential threats in the organization.
If you wish to read the full report, you can find it here. The major information in this report is as follows: