According to the latest Verizon Data Breach Investigations Report and the Verizon Insider Threat Report by American telecommunications company, Verizon, businesses are now more aware than ever of how cybercrime could impact their reputation, and their bottom line. In an industry which has always been marred by lack of cybersecurity talent and cybersecurity being an afterthought, the study highlights a change of thought and trend. It continues to highlight how security has become a boardroom topic.
The company had often stressed on how cyber-threats and trends that should be on every organization’s radar in its annual reports in the last three years. According to the report, it is not only important to understand the threat landscape but also have a comprehensive approach toward dealing with cybersecurity incidents.
“Companies think that having an IR Plan on file means they are prepared for a cyber-attack. But often these plans haven’t been touched, updated or practiced in years and are not cyber-incident-ready,” comments Bryan Sartin, Executive Director, Verizon Global Security Services. “Having an out-of-date plan is just as bad as having no plan at all. IR Plans need to be treated as ‘living documents’, regularly updated, and breach scenarios practiced in order for them to be truly effective,” Verizon said in a statement.
John Grim from Verizon Threat Research Advisory Center (VTRAC) and Investigative Response Team said, “IR Plans can be kept current by including stakeholder feedback, lessons learned from breach simulation testing as well as intelligence insights on the latest cyber-tactics being used. This enables the plan to constantly re-create itself reflecting the ever-changing cyber-security landscape.”
Verizon has also identified six typical phases every incident response plan which begins with: Planning and preparation; Detection and validation; Containment and eradication; Containment and eradication; Collection and analysis; Remediation and recovery; and Assessment and adjustment.
In another study, according to research by Infosys Knowledge Institute (IKI), the research arm of Infosys, titled ‘Assuring Digital-Trust’ nearly half i.e. 48 percent of corporate boards and 63 percent of business leaders are actively involved in cybersecurity strategy discussions.
IKI surveyed 867 senior executives from 847 firms with annual revenues over US$500 million. These firms were from countries like the U.S., Europe, Australia and New Zealand (ANZ). The research points out that security has finally taken the center stage.