Organisations are demonstrating success in detecting and blocking focused cyber attacks, even as the number of attacks per organisation has more than doubled year on year, according to a new study from Accenture.
Ransomware and distributed denial of service (DDoS) attacks have been on the rise, with 232 attacks through January 2018 compared with 106 through January 2017, said the professional services firm’s 2018 State of Cyber Resilience study, which investigated focused attacks defined as having the potential to both penetrate network defences and cause damage, or extract high-value assets and processes from within organisations. Some 4,600 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries were surveyed across the Americas, Europe and Asia-Pacific.
Investment in cybersecurity needs to increase
Despite the increased pressure of the attacks, organisations are upping their game and preventing 87% of these focused attacks, compared to 70% a year ago. However, with 13% of focused attacks still penetrating defences, organisations are still facing an average of 30 successful security breaches per year. These cause damage or result in the loss of high-value assets.
In addition, only two out of five organisations are currently investing in technologies like machine learning, AI and automation, indicating there is even more progress to be made by increasing investment in cyber resilient innovations and solutions.
Accenture Security managing director Kelly Bissell said, "Building investment capacity for wise security investments must be a priority for those organisations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organisations in the next two to three years. That's an encouraging projection."
Security teams find breaches faster
Accenture’s study also found that organisations now take less time to detect breaches: weeks and days, where it used to be months and years. On average, 89% of respondents said their internal security teams detected breaches within one month compared to only 32% of teams last year. And this year 55% of organisations took a week or less to detect a breach compared to 10% last year.
External collaborations help
However, despite the faster pace, security teams are still only finding 64% of breaches, which is similar to last year. The other breaches were detected through collaborations with external parties. Accenture said this underscores the importance of collaborative efforts among business and government sectors to stop cyberattacks. When asked how they learn about attacks that the security team has been unable to detect, respondents indicated that more than one-third (38%) are found by white-hat hackers or through a peer or competitor (up from 15% in 2017). Interestingly, only 15% of undetected breaches are found through law enforcement, which is down from 32% the previous year.
Respondents said that while external incidents continue to pose a serious threat, organisations should not forget about the enemy from within. Two of the top three cyberattacks with the highest frequency and greatest impact are internal attacks and accidentally published information.
When asked which capabilities were most needed to fill gaps in their cybersecurity solutions, the top two responses were cyber threat analytics and security monitoring (46% each). Organisations also realise the benefits of investing in emerging technologies, as a large majority of respondents (83%) agree that new technologies such as artificial intelligence, machine or deep learning, user behaviour analytics, and blockchain are essential to securing the future of organisations.
Five steps to cyber resilience
Accenture proposes five steps which organisations can take to achieve cyber resilience:
1. Build a strong foundation. Identify high value assets and harden them. Ensure controls are deployed across the organizational value chain, not just the corporate function.
2. Pressure test resilience like an attacker. Enhance red defense and blue defense teams with player-coaches that move between them and provide analysis on where improvements need to be made.
3. Employ breakthrough technologies. Free up investment capacity to invest in technologies that can automate your defenses. Utilize automated orchestration capabilities and advanced behavioural analytics.
4. Be proactive and use threat hunting. Develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for anomalous activity at the most likely points of attack.
5. Evolve the role of CISO. Develop the next generation CISO, steeped in the business and balancing security based on business risk tolerance.
The Accenture 2018 State of Cyber Resilience study can be found in full here.