Security industry losing the cyberwar: RSA
The IT security industry is losing the cyberwar and companies are still woefully unprepared for the threats they face, with 30% of companies still lacking a formal incident response plan.
These are among the findings of a survey by EMC's RSA, answered by 170 respondents from 30 countries.
Even among those companies with a response plan, 57% report never reviewing or updating this plan.
Despite the discovery of high-profile exploits such as Heartbleed and POODLE, 40% of survey respondents also lack an active vulnerability management program.
Results were compared by research from the Security for Business Innovation Council (SBIC), a group of security leaders drawn from the Global 1000.
RSA noted that the number of reported security incidents worldwide increased some 48% in 2014 and financial losses from cybersecurity incidents grew 34% to $2.7 million over the same period.
This indicates that despite growing information security spending, the industry is failing to keep pace with cybercriminals.
Issues holding back the industry include a lack of situational awareness - or a failure to assess the methods, meaning and impact of cyber attacks, exacerbated by companies failing to objectively assess their security stance.
RSA also suggested that organisations do not focus enough spending on detection and response, and noted that many are struggling with a shortage of internal cybersecurity expertise and resources.
The MediSecure breach thrusts the security spotlight back on service providers
Organisations have been confronting security risks in their supply chains for years, but a new...
Managing third-party cybersecurity risks in the supply chain
Third-party cybersecurity breaches occur when the victim's defences are compromised through a...
Countering MFA fatigue demands a rethink on user authentication
While MFA remains effective, highly motivated threat actors are using tactics that seek to...
