IDG: Cyber breaches are inevitable: Now deal with it

This is a contributed piece from Duncan Brown, Research Director at Pierre Audoin Consultants (PAC).

The consequences of a major cyber-attack include loss of IP, customer service, revenue and reputation. And fines for data protection non-compliance will soar under upcoming EU regulations, with mandatory breach reporting due to be introduced from 2017.

Responding to an incident quickly and effectively is a complex process, involving technical, communications and management staff.

And the world is watching as you respond.

New research from PAC shows that cyber breaches are inevitable. All of the companies we surveyed recently experienced a cyber-attack and most (67%) have been breached within the last year. How are firms changing their behaviour to deal with this new reality?

The first consequence is that cyber security spend is shifting away from traditional prevent-and-protect approaches (e.g. anti-virus, firewalls and DDoS protection) towards detect-and-respond operations, resulting in a more balanced security budget. Most firms have built their cyber security approach around protecting the perimeter and preventing attacks. But cyber breaches still occur. This means that firms have used up most of the budget that was supposed to stop a breach.

Most firms take between one and six months to discover an attack, meaning that the perpetrator has been inside the organisation long enough to cause damage. The shift in spend towards a detect-and-respond approach is therefore a reaction to the inevitability of a cyber-attack. There is a re-balancing of cyber security spend to a more appropriate split of operational attention.

Copyright 2008 - 2016: CXO Community - All rights reserved.