The UK government has released a report stating that two-thirds of UK companies were hit by a cyber attack in 2015.
Responding to this alarming statistic, Ottavio Camponsechi, Vice President EMEA at FireMon has the following FAQ’s.
It seems like most attacks are preventable, but if so why aren’t organisations doing more to stop them?
Organisations seem to be more focused on solving the problem (which is all but impossible) rather than mitigating the risk. Companies are still investing in cyber security but just in the wrong ways. Instead they should focus on understanding how cyber attacks actually happen so they can be better protected for any future attacks. With a glut of logs and alerts, organisations should implement effective threat triage to weed through all of the information; what’s real, what’s noise and what needs immediate response.
Do more organisations find IT security too hard to implement?
IT security isn’t tricky to implement, but by implementing too many solutions organisations are creating a harder task for themselves than it needs to be. From prevention tools, web and email gateway protection and antivirus, to host-based anti-intrusion and sandboxing, organisations are still vulnerable and instead of protecting themselves they just generate an incredible number of false positives and alerts which someone then has to look over and work out what is and isn’t important. Organisations need to go back to basics in order to assess what is actually necessary and optimise and automate wherever possible.
If the solutions aren’t the issue, then why are firms failing to prevent such attacks, and how can these issues be fixed?
The issues can be fixed fairly easy. Organisations need to know their most important assets and focus on protecting them first and foremost. They should also automate and optimise their cyber security processes, and contextualize their intelligence with the objective or protecting against poor security practices. By providing security teams with the necessary tools to triage and investigate incidents organisations can narrow the window between exploit and discovery which dramatically reduces the impact form any breach. And lastly, they should share insight and knowledge and provide a continuous learning experience in order to build both solid and effective proactive protection measurements.