Light Dark
June 23, 2016 By Maria Battaglia 3 min read
Incident Response

For most organizations around the world, the concept of global cyber resilience has taken hold — and it’s the standard many are striving to achieve. However, there’s still a great deal of work to be done globally. The state of resilience (and the challenges involved with improving it) varies from region to region.

The Ponemon Institute and IBM Resilient released a series of global studies that explore and benchmark the state of cyber resilience in the U.S., U.K. and Germany. These reports outline the threats and barriers to resilience in each respective country and offer insight on how security teams can build more resilient organizations.

A Conversation About Global Cyber Resilience

To get a more global view of the state of resilience, we spoke with Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. We asked him for his thoughts on how the three countries stack up against one another — and the top lessons to be gleaned from the studies.

IBM RESILIENT: When you look at the global research holistically, what do you find to be most interesting?

PONEMON: One thing we find is that there’s general consensus in all countries on the importance of resilience — not just cyber, but in all aspects. Organizations truly understand they need the ability to maintain their integrity and sustain their business in the face of an array of challenges. It’s a growing concern.

Another lesson we learned is that — despite cultural differences — there’s a lot of symmetry around the globe when it comes to barriers to IT and security. In order for companies everywhere to be resilient, they need to overcome corporate silos and create a cross-functional team that brings different skills to the table.

But a lot of teams don’t press their comrades in other departments and don’t speak each other’s languages. As a result, it creates real barriers for those companies.

IBM RESILIENT: What are the biggest regional differences you found — and why do these differences exist?

PONEMON: We found that Germany, in particular, is sometimes an outlier. It stems from the fact that there are more regulatory requirements in Germany, and the German culture generally includes a high level of security and vigilance — and that includes the cyber realm.

Plus, Germans are more likely to have a comprehensive incident response [IR] plan. It’s not 100 percent true for the country, but German organizations are generally better prepared than the U.S. and U.K. Germany can demonstrate the workflow for a data breach and outperform other countries. The U.S. and U.K. are consistently very similar, but Germans have a more resilient security posture.

IBM RESILIENT: What were you most surprised to find in the global studies?

PONEMON: We saw good news and bad news. The good news is that most organizations globally see the importance of resilience. They’re not just preparing for specific incidents like malware and ransomware but building the mettle to overcome an array of events, through people, process and technology.

That’s the good news: they recognize this.

Bad news is that a lot of global companies also recognize that they’re not resilient today — and it could be catastrophic. And there are a number of challenges: They don’t have the resources allocated — or the right people and skillsets in security that they need.

For others, it just may not be a high priority for organizations’ leadership. They think it’s a technical thing — or a matter for IT. It’s really bad when that happens.

IBM RESILIENT: What immediate steps should U.S. and European Union-based organizations take to improve their cyber resilience?

PONEMON: One of the most critical things we found is that organizations that have an IR plan in place, prepare and test their plans tend to do better than the ones that don’t do the basic blocking and tackling.

Some of these organization have plans, but it’s wallpaper — they don’t value it. It’s just a checkbox, and it doesn’t accomplish anything.

Security teams need to look at security events like DDoS [denial-of-service] malware, data breaches or PII [personally identifiable information] losses — because each event requires different approaches. They need to find out if you have a plan and if they’re ready for it — and most aren’t. That’s the first step to getting more effective at IR.

Beyond the plan, you need to have a team of people ready to roll. If you don’t have people, outsource it. Companies that do so have a much stronger security profile and cyber resilience. We see that consistently.

**UPDATED** Read the Ponemon Institute’s Third Annual Study on the Cyber Resilient Organization

Maria Battaglia
CMO, IBM Resilient

More from Incident Response
October 6, 2023

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

September 27, 2023

Tequila OS 2.0: The first forensic Linux distribution in Latin America

3 min read - Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America. IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that…

August 31, 2023

Alert fatigue: A 911 cyber call center that never sleeps

4 min read - Imagine running a 911 call center where the switchboard is constantly lit up with incoming calls. The initial question, “What’s your emergency, please?” aims to funnel the event to the right responder for triage and assessment. Over the course of your shift, requests could range from soft-spoken “I’m having a heart attack” pleas to “Where’s my pizza?” freak-outs eating up important resources. Now add into the mix a volume of calls that burnout kicks in and important threats are missed.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature