- IBM and Ponemon Institute published their latest Cyber Resilient Organization Report
- Too few people and too little funding stand out as the two key problems plaguing the enterprise security function
A shortage of skilled personnel and underfunding of cybersecurity are the two main themes that emerge from the Ponemon Institute/IBM Cyber Resilient Organization Report. One could argue that staff can only be attracted to cybersecurity roles by the promise of large salaries, so that the two themes are really one. That degree of reductionism may be neater, but it gets in the way of deeper analysis.
According to the survey results, organizations seeking to improve their cybersecurity posture can make the fastest gains in two ways: by employing skilled personnel and by ensuring adherence to the data protection regulations that apply in their local jurisdictions. Over the last couple of years those gains have mostly been realized by businesses that were not classified as "high performing" in cybersecurity.
The Ponemon Institute's measure of cybersecurity breaches may alarm some readers. To count in the survey, an incident had to have been classified as "causing significant disruption" or to have involved the loss of more than one thousand personal records of customers or employees. That sets the bar fairly high, given that cybersecurity teams aim to be 100% watertight. Yet in the couple of years since the previous survey of this type, the number of such incidents has fallen only nominally.
The three main reasons respondents (3,400 IT professionals took part) gave for the lack of improvement were the shortage of skilled personnel and the shortage of resources (both already mentioned), plus the existence of data silos. On that last point, the problem appeared to stem from the multiplicity of cybersecurity tools and the data they produce, rather than from the more general separation of data repositories between business functions: HR's data not being amalgamated with Logistics' data, for example, was not the issue.
Reducing the number of cybersecurity tools (without reducing the overall breadth of the toolkit's capabilities) produced only marginal gains in response times and effectiveness. The message appears to be that money is best spent in a targeted way on new personnel rather than on new, shiny toys. Respondents did feel there were gains to be had from making different tools interact coherently. While that logic is hard to dispute, such integration is most readily achieved by working with what cyber teams currently have rather than by sourcing "the one platform to rule them all."
Like many surveys of its kind, this one contains its share of the obvious, such as the need for better planning, and that serves here to underline, once again, the lack of resources and budget available to most cybersecurity teams. Planning, and therefore the production of "playbooks" for specific types of cyber attack, takes time and, consequently, money.
The playbooks most commonly in place covered DDoS and malware attacks, while preventive work such as anti-phishing measures received a smaller share of resources, according to the survey's respondents.
Like many of the Ponemon Institute's surveys and research papers, this latest one is sponsored by a commercial company. The intended take-home message is to buy something "AI-driven" bearing the Big Blue stamp, but the real message is one that has been heard countless times before and rarely heeded: cybersecurity teams need more money and more people.