Most Companies Admit They Don’t Have a Very Effective Security Response Plan

Sue Marquette Poremba
Slide Show

Five Ways a CFO Can Invest in Securing Their Organization

Do you have a cybersecurity emergency plan in place? If you do, are you confident in your cybersecurity plan? If you answered both of these questions with a yes, pat yourself on the back for a job well done. And then volunteer some advice to your business peers because you are in the minority.

According to a new study by the SANS Institute, sponsored by AccessData, AlienVault, Arbor Networks, Bit9 + Carbon Black, HP and McAfee/Intel Security, found that 90 percent of American businesses don’t have a very effective cybersecurity emergency plan. One of the top reasons why an effective plan isn’t in place is lack of time to do so and a lack of budget, at 62 percent and 60 percent, respectively.

So, the companies that are already spending time and money on some sort of cybersecurity emergency plan don’t have one as good as they’d like. But these companies are also in the minority, as 43 percent don’t have any type of formal emergency response plan and 55 percent don’t have a response team. That could be a fatal mistake, especially considering that more than half claimed to have had at least one critical incident requiring a response over the past two years.

And chances are it will only get worse. Trend Micro’s second quarter round-up report found that data breaches and other cyber threats dominated the Internet landscape in the first half of 2014, and the study warned that enterprise needs to do a much better job protecting company data. According to the Wall Street Journal:

These incident attacks in the second quarter affecting consumer's personal information included theft of data such as customer names, passwords, email addresses, home addresses, phone numbers, and dates of birth. These types of personal privacy breaches have affected organization's sales and earnings while leaving customers unable to access accounts and dealing with service disruption. As a result many countries have begun developing stricter privacy and data collection policies to begin dealing with this problem.

As Tom Kellermann, chief cybersecurity officer for Trend Micro, told eWeek, we can expect the threats to keep escalating, in part because criminals are taking their activities virtual. He went on to say:

For too long corporations have viewed security as an expense rather than a functionality of conducting business online. Greater percentages of the IT budget must be dedicated to the safety of their customers online.

It all comes down to budget, doesn’t it? But as many studies have shown, the vast majority of smaller companies shut down after a breach, and we’re seeing the push-back and ruined reputations of large companies that have had a miserable response to an attack. What company can afford that?

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Aug 19, 2014 8:43 PM Eirik Eirik  says:
Nice article. I haven't read the referenced SANS study yet. I'm wondering if their survey asked these folk if they had tested their incident or emergency response plan via a 3rd party. Perhaps one might argue that is the difference between plans and practices. Say, I'd greatly value links to those studies reporting breaches drive smaller firms out of business. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.