Over the last three years, an average of 77 percent of organisations were unprepared for cyber-security incidents.
Research from NTT Com Security's 2016 Global Threat Intelligence Report (GTIR) reveals that there has been little improvement in preparedness for security incidents despite the rise in attacks and data breaches.
Research data was collected from 24 security operations centres, seven R&D centres, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents in 2015.
“This is a real concern and could be down to a number of reasons, not least the possibility of security fatigue – too many high-profile security breaches, information overload and conflicting advice – combined with the sheer pace of technology change, lack of investment and increased regulation,” says Garry Sidaway, VP security strategy & alliances for NTT Com Security.
The retail sector, a popular target because it processes large amounts of personal information, leads incident response with 22 percent of all response engagements and also experienced the highest number of attacks per client. In previous years financial services had been the leading sector in the GTIR reports.
An increase in breach investigations was discovered, with 28 percent in 2015 compared to 16 percent the year before. Many of the incidents focused on theft of data and intellectual property.
Internal threats increased to 19 percent of overall investigations, from two percent in 2014. Many were due to abuse of information and computing assets by employees and contractors.
Patching, a basic security measure, was found to be lacking in most organisations. More than 12 percent of vulnerabilities were over five years old and more than five percent were over 10 years old. Some vulnerabilities went as far back as 1999.
Spear-phishing attacks accounted for 17 percent of activities in 2015, up from two percent the year prior. Many of these attacks were related to financial fraud, with cyber-criminals using clever social engineering tactics to target executives and finance personnel.
A 12 percent drop in DDoS activity was noted compared to the previous two years, likely because of investment in DDoS mitigation tools and services.
The GTIR recommends that organisations prepare incident management processes and “run books”, evaluate response effectiveness, update escalation rosters, and prepare technical documentation so that they are better prepared for cyber-security incidents.
“Facing security challenges that didn't exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope,” comments Sidaway. “Our mantra is prevention is better than cure and get the security basics right, including having a clear, well-communicated incident response plan.”