Companies Could Try Harder at Incident Response, Survey Finds
Companies got a failing grade for their incident response plans according to a study from the Ponemon Institute and IBM recently.
The Cyber Resilient Organization report, published on April 11, surveyed over 3600 global security and IT pros, and found that 77% of them lacked a consistent incident response plan.
A robust incident response plan can help manage data breach costs, according to last year’s Cost of a Data Breach report from BM and Ponemon. It found that the average cost per lost or stolen record was $148, representing a 5% rise from $141 in 2017.
Companies with an incident response team saved $14 per record on average in costs. This was the single biggest way to reduce the cost of a breach, according to the Cost of a Data Breach report. The next most effective was encryption, which reduced the cost by $13 on average.
Insufficient staff resources could factor into companies’ lack of preparation. The Cyber Resilient Organization study revealed that companies were suffering from insufficient staffing to cope with their cybersecurity challenges. Only 30% of them said that they have enough people to achieve a high level of cyber-resilience.
IBM is pushing automation tools as a way to bridge the skills gap and introduce better cybersecurity preparation and response. Automation technologies cover tasks such as identity management and authentication, incident response platforms and security information and event management (SIEM), it said. Fewer than a quarter of all respondents had embraced these technologies in their organization, it added.
In spite of this, just over three-quarters of respondents valued automation as a way of improving cyber-resilience, rating it seven or higher on a scale of 10.
While only 23% of companies overall had an incident response plan across the entire enterprise, that figure soared to 55% among what the survey termed high performers.
These companies, representing 26% of the sample base, self-reported nine or above on a scale of 10 when rating their cyber-resilience. They typically communicated more with senior leaders about the issue, who were more educated about it and tended to provide more cybersecurity funding and staffing. These organizations also valued automation more, it found.
Industry: Cyber Security News
- Identity & Access Management (IdAM) Consultant
- Upto €100,000 plus bonus and benefits
An Identity & Access Management Consultant is needed to lead and drive technical and or business transformation projects in a client-facing position for a prestigious consultancy in Germany. The Identity & Access Management Consultant will be responsible for technical design and implementation of Identity & Access Management/IAM products within a wide variety of clients. The Identity & Access Management Consultant will have a blend of technical hands-on and client-facing consultancy with the ability to develop new business. Broad technical knowledge across Identity and access management is benefical. The Identity & Access Management Consultant will need to have technical hands-on experience with one or more of the following core areas; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) The Identity & Access Management Consultant must have the willingness to travel to customer sites across Germany (once we are allowed to)
- Create a Cyber Threat Intelligence capability. Analyst. UK
- United Kingdom
To join a cyber consultancy, to aid in building out a bespoke threat intelligence capability for a key client. A rare opportunity that provides support and the ability learning as you go. You must have a passion for all things Cyber and have a excellent command of the English language. (written and verbal). An ideal candidate would be a recent cyber graduate (degree, MSc, PHD) who can provide examples of executive summaries, dissertations / thought pieces. The role will include, but not be limited to; delivering executive summaries of current and potential threats to key stakeholders as well as identifying and building out a bespoke threat intelligence platform using the likes of Recorded Futures, WildFire etc which will feed into the SOC. The ability to achieve Security Clearance will be required. Crest Threat Intelligence Analyst, SANS FOR578 OSINT. UK based but remote. London, Reading for extra brownie points. Chris.firstname.lastname@example.org and +447884666351
- Network Security Presales Consultant
- Upto £75,000 plus coms
A new opportunity has arisen within the presales team of one of our clients an expanding managed security provider. You will be working with an array of customer from small to large global enterprises and will be the technical lead through the sales process. Provide both a consultancy service to customers and support to the sales teams. Use knowledge of the company’s products and services to translate customer requirements into functional, effective and appropriate solutions for the prospective customer base. To understand customer requirements, assist in the qualification processes and by utilising the company’s standard product and services portfolio to create a suitable solution in concept. Present technical solutions to customers both formally and informally as required We are looking for someone with a strong network security background with knowledge of one of the fellowing vendors, Checkpoint, Fortinet, Palo Alto, Ciso would be benefical
- Penetration tester- Inside IR35. London. High profile client.
- £400 Umbrella rate
Penetration tester- Inside IR35 £310 Umbrella rate Long term project London Application and mobile (android / iOs) penetration testing experience Manage and deliver penetration testing project Ability to program or script Strong analytical skills Opportunity to build upon existing hands on experience. Amazing project- high profile client. MUST be commutable to London. Immediate opportunity Chris.email@example.com 07884666351