Marina Kidron, Director of Threat Intelligence at Skybox Security

Senior executives must pick up the pace of their cybersecurity provisions following research that indicates that many don’t fully understand the potential impact of a cyberattack despite most having a cyber strategy in place, a threat expert has claimed.
The government’s annual FTSE 350 Cyber Governance Health Check, which assesses and reports on cyber security risk management in the UK’s 350 largest firms, found that only 16% of those questioned have a true grasp of the impact of loss or disruption associated with cyber threats. And although 95% have a cyber security incident response plan in place, only around half (57%) actually test their plan on a regular basis.
Commenting on the findings, Marina Kidron, Director of Threat Intelligence at Skybox Security, said that, according to the company’s own Vulnerability and Threat Trends Report 2019, last year saw a 12% rise over 2017’s total number of vulnerabilities identified.
“While only a small number of these vulnerabilities will be exploited in the wild, it’s still the responsibility of the organisation and its security team to have full visibility of their attack surface – something that’s becoming increasingly difficult as technologies like cloud and IoT further fragment the cybersecurity environment,” she said. “If you have limited visibility of where your risks are, it’s impossible to know how to protect yourself. This is the situation that many business leaders find themselves in today. The inertia on testing cybersecurity strategy might not be due to a lack of desire for stringency, but rather because of a lack of understanding about how rapidly the threat environment can change. New forms of malware, ransomware etc. are created every single day. Without regular testing, any plans in place will become out-of-date incredibly quickly. If organisations don’t properly monitor and test their cybersecurity incident response plan, they might as well not have one at all.”
It’s likely, she said, that the cybersecurity skills crisis has a hand to play here: “It’s a sobering truth that there aren’t enough skilled cybersecurity professionals, which means that many organisations simply don’t have the capacity to maintain their cybersecurity incident response plan,” added Kidron. “In this case, automating the testing of cyber-defences is a must. They need to look for tools which can automate change management processes, give full visibility of the hybrid network and offer the internal and external threat context that they need to prioritize mitigation. The threat from cybercriminals is real and present. Without understanding this, our businesses are left teetering on a cliff edge. If they don’t want it to crumble away before them, they need to build the necessary barriers to cybercrime as soon as possible.”

by Guy Matthews