Almost half of firms will plan for cyber-attack disruption by 2018

40 percent of large organisations will have formal plans to address “aggressive” cyber-security business disruption attacks by 2018, according to research outfit Gartner.

In its new “Attack on Sony Pictures Is a Digital Business Game Changer” report, the firm says that there are currently no companies (0 percent) adopting such a strategy, which would see CISOs and business continuity managers (BCMs) increasingly move from prevention to detecting and responding to attacks.

Gartner's research follows up on last year's data breach at Sony Pictures, and the outfit describes these attacks as ones which cause prolonged disruption to internal or external business operations.

“Gartner defines aggressive business disruption attacks as targeted attacks that reach deeply into internal digital business operations with the express purpose of widespread business damage,” said Paul Proctor, vice president and distinguished analyst at Gartner.

“Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the internet by attackers. Victim organisations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack. Employees may not be able to fully function normally in the workplace for months. These attacks may expose embarrassing internal data via social media channels — and could have a longer media cycle than a breach of credit card or personal data."

As a result, the analysts urge CISOs and BCMs to shift their approach towards detection and response, with budgets changing accordingly.

"Entirely avoiding a compromise in a large complex organisation is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur," said Proctor. "Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security programme. Balancing investment in detection and response capabilities acknowledges this new reality."

The report notes that Internet of Things (IoT) devices expand the attack surface, and will command increased attention, larger budgets and deeper scrutiny by management. On the latter, Gartner says that board members have been taking a keener interest in cyber-security since 2012, but adds that these latest attacks will “provide a fresh opportunity to build the new business case for cyber-security investment and institutionalise more-proactive thinking about cyber-security risks.”