Connect with us

Artificial Intelligence

IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue

Vlad Poptamas

Published

on

 

IBM (NYSE: IBM) Security today announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period. The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place.1

The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The amount of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with less tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating Playbooks for Emerging Threats
The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years,2 only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More Tools Led to Worse Response Capabilities
The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts — in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.

Better Planning Pays Off
This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years  compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.

Artificial Intelligence

Global Penetration Testing Market 2020-2025 – Increased Adoption of Cloud-based Penetration Testing Presents Opportunities

GlobeNewswire

Published

on

Dublin, July 10, 2020 (GLOBE NEWSWIRE) — The “Penetration Testing Market by Component (Solutions & Services), Application Area (Network Infrastructure, Web Application, Mobile Application, Cloud, & Social Engineering), Deployment Mode, Organization Size, Vertical, and Region – Global Forecast to 2025” report has been added to ResearchAndMarkets.com’s offering.This market study covers the penetration testing market size across segments. It aims at estimating the market size and the growth potential of this market across segments categorized into components, application areas, verticals, and regions. The study also includes an in-depth competitive analysis of the key market players, along with their company profiles, key observations related to product and business offerings, recent developments, and key market strategies.Significant rise in mobile-based business-critical applications require more secure endpoint protection is driving the overall growth of the penetration testing marketThe market growth is driven by various factors, such as the need to secure endpoint protection due to the significant rise in mobile-based business-critical applications and enterprises moving toward implementing security measures due to increased sophistication in cyberattacks.By application area, the mobile application penetration testing segment to grow at the highest CAGR during the forecast periodMobile application penetration testing is basically for mobile-based applications which is done by trying to break into various mobile applications through different vectors. The methodology is a security testing, which is used to analyze security from the inside of a mobile environment. The mobile application penetration testing methodology concentrates on file system, hardware, and network security.The test results can provide an organization with knowledge of the vulnerabilities in the mobile application, loopholes, and attack vectors before delivering an app to the user, thus offering insights on how to mitigate the potential risks of mobile applications and secure the user credentials associated with it. Mobile application users are becoming aware of the different threats and thus the deployment of mobile application penetration testing is rapidly increasing. Therefore, the mobile application penetration segment is expected to grow at the highest CAGR during the forecast period.By deployment mode, the cloud segment to grow at a higher rate during the forecast periodIn the cloud deployment mode, instead of implementing the software solution on the local hardware, businesses subscribe to the solution hosted on a third-party remotely located server. By opting for cloud-based solutions, organizations can avoid costs related to maintenance of infrastructure and technical staff.Cloud-based platforms are beneficial for organizations that have strict budgets for security investments. Small and Medium-sized Enterprises (SMEs) deploy their identity verification solutions on the cloud, as it saves them from investing their capital on security infrastructures. Hence, the cloud deployment segment is expected to grow at a higher CAGR.Asia-Pacific to register the highest growth rate during the forecast periodAsia-Pacific (APAC) has great scope for the growth of the penetration testing market. The penetration testing market in APAC is anticipated to grow significantly, due to increasing government investments in improving security posture, increased sophistication of cyberattacks, and the amalgamation of technologies, such as Artificial Intelligence (AI) and Machine Learning (ML) with penetration testing.The fast expansion of regional enterprises in APAC is another crucial variant contributing to the growth of the penetration testing market. In the process of determining and verifying the market size for several segments and subsegments gathered through secondary research, extensive primary interviews were conducted with key people.Key Topics Covered
1 IntroductionFor more information about this report visit https://www.researchandmarkets.com/r/fm043xResearch and Markets also offers Custom Research services providing focused, comprehensive and tailored research.CONTACT: ResearchAndMarkets.com
Laura Wood, Senior Press Manager
press@researchandmarkets.com
For E.S.T Office Hours Call 1-917-300-0470
For U.S./CAN Toll Free Call 1-800-526-8630
For GMT Office Hours Call +353-1-416-8900

Continue Reading

Artificial Intelligence

The Global Beauty Drinks Market is expected to grow from USD 1,943.82 Million in 2019 to USD 3,004.65 Million by the end of 2025 at a Compound Annual Growth Rate (CAGR) of 7.52%

GlobeNewswire

Published

on

New York, July 10, 2020 (GLOBE NEWSWIRE) — Reportlinker.com announces the release of the report “Beauty Drinks Market Research Report by Ingredient, by Type, by Demography – Global Forecast to 2025 – Cumulative Impact of COVID-19” – https://www.reportlinker.com/p05913553/?utm_source=GNWClare: clare@reportlinker.com
US: (339)-368-6001
Intl: +1 339-368-6001

Continue Reading

Artificial Intelligence

Intrusion Detection and Prevention Market to grow at 9% CAGR to hit US $7 billion by 2025– Global Insights on Key Trends, Investments Analysis, Expansion Plans, Leading Players and Future Outlook: Adroit Market Research

GlobeNewswire

Published

on

Dallas,Texas, July 10, 2020 (GLOBE NEWSWIRE) — The “Intrusion Detection and Prevention Market by Component (Platform and Services), Type (Wireless-Based, Host-Based, Network-Based, and Network Behavior Analysis), Industry Vertical (BFSI, IT & Telecom, Healthcare, Retail, Manufacturing, and Others), and by Region, Global Forecast, 2018 to 2025” study provides an elaborative view of historic, present and forecasted market estimates.Request a pdf sample at https://www.adroitmarketresearch.com/contacts/request-sample/1542The global intrusion detection and prevention market size is anticipated to reach over USD 7 billion by 2025. It is expected that it will grow at a CAGR of over 9% during the forecast period 2018-2025. The intrusion detection and prevention is the procedure of examining the actions happening on the network and evaluating them for any future incidents or threats. Also, with the capability of automation and artificial intelligence, the intrusion detection, and prevention systems not only detect the prominent threats but they automatically take preventive measures against such threats. Hence, eliminates the need for checking every single security issue by the security administrator.The current and future intrusion detection and prevention market advances are defined to state the attractiveness of the market. Key impacting aspects focus on the intrusion detection and prevention market opportunities during the forecast period. Factors such as the rising number of cyber-attacks and data breaches are also the vital factor boosting the global intrusion detection and prevention market growth. Also, the growing data protection regulations and laws are other factors boosting the demand for intrusion detection and prevention solutions. However, However, the availability of free and open-source solutions are expected to impede market growth. Furthermore, the rising demand for cloud-based solutions and the growing BYOD trend in various organizations are some of the key factors expected to provide major growth opportunistic for the market in forthcoming years.Browse the full report with Table of Contents and List of Figures at https://www.adroitmarketresearch.com/industry-reports/intrusion-detection-and-prevention-marketThe report also highlights various aspects of the global intrusion detection and prevention industry by analyzing the market through value chain analysis. Besides, the Intrusion Detection and Prevention market report covers different qualitative aspects of the intrusion detection and prevention industry in market drivers, key industry opportunities, and restraints. Furthermore, the report proposes a comprehensive valuation of the market competitiveness along with company profiling of residents as well as global vendors.The intrusion detection and prevention market has solid competition among the early established and new players. Also, to capture a competitive advantage over the other industry players many industry players are aiming potential markets by forming collaboration and partnerships, agreements, mergers & acquisitions, acquiring new startups & other companies, and escalating their business presence.Direct purchase the report at https://www.adroitmarketresearch.com/researchreport/purchase/1542In terms of industry vertical, the market is segmented into BFSI, IT & telecom, healthcare, retail, manufacturing, and others. The IT and telecom industry dominated the overall IDP market in 2019 and it is expected to do so throughout the forecast period. The growth of this segment is mainly attributed to the increasing attacks on IT infrastructure. However, the BFSI industry is anticipated to gather the major market growth during the forecast period due to the increasing adoption of smart banking solutions.The Asia-Pacific region is projected to experience the highest growth throughout the forecast period. On the contrary, the North American region dominated the overall market in 2019 and it is expected to maintain its position throughout the forecast period 2018-2025. The dominance of this region is mainly attributed to the stringent regulations and increasing government initiatives to counter cyber-attacks.Are you looking for a DISCOUNT? If yes, then get in touch with us at https://www.adroitmarketresearch.com/contacts/discount/1542The major players of the global intrusion detection and prevention market are Cisco, IBM, Palo Alto Networks, McAfee, Trend Micro Incorporated, Fortinet, FireEye, AT&T Intellectual Property, Darktrace, and Huawei Technologies Co. Moreover, the other potential players in the intrusion detection and prevention market are WatchGuard Technologies, Vectra AI, Armor Defense, Hilstone Networks, and AlertLogic. The recognized companies are coming up with innovative and new Intrusion Detection and Prevention Types. For instance, in April 2019, Trend Micro, a cybersecurity solutions provider partnered with Luxoft Holding, a digital strategy firm. With this partnership both the companies are planning to introduce Intrusion Prevention Systems (IPS) and Intrusion Detection System (IDS) to detect and prevent cyber-attacks on connected cars.Major points from Table of Contents:
Chapter 1    Introduction
Chapter 2    Research Methodology
Chapter 3    Executive Summary
Chapter 4    Market Outlook
Chapter 5    Intrusion Detection and Prevention Market by Component
Chapter 6    Intrusion Detection and Prevention Market by Type
Chapter 7    Intrusion Detection and Prevention Market by Industry Vertical
Chapter 8    Intrusion Detection and Prevention Market by Region
Chapter 9    Competitive Landscape
Chapter 10    Company Profiles
Access research repository of Upcoming Reports @ https://adroitmarketresearch.com/upcoming.html  About Us:
Adroit Market Research is a global business analytics and consulting company incorporated in 2018. Our target audience is a wide range of corporations, manufacturing companies, product/technology development institutions and industry associations that require understanding of a market’s size, key trends, participants and future outlook of an industry. We intend to become our clients’ knowledge partner and provide them with valuable market insights to help create opportunities that increase their revenues. We follow a code– Explore, Learn and Transform. At our core, we are curious people who love to identify and understand industry patterns, create an insightful study around our findings and churn out money-making roadmaps.
Contact Us:
Ryan Johnson
Account Manager – Global
3131 McKinney Ave Ste 600
Dallas, TX 75204
Email ID: sales@adroitmarketresearch.com
Phone No.: +1 972-362 -8199
Connect with us: Facebook | Twitter | LinkedIn

Continue Reading

Trending

Roboticulized is part of PICANTE Media and Events, a leading media and boutique event organizer in the European Union with a monthly reach of +50,000 readers. The official company (PROSHIRT SRL), has been listed for 4 years in a row among the top 3 Advertising and market research agencies in the local Top Business Romania Microcompanies based on the Financial Reports. Roboticulized digests / hand picks the latest news about the AI industry and serves them to you daily.

Contact us: sales@picante.today

Editorial / PR Submissions

© Roboticulized.com 2019 - 2020 - part of PICANTE Media. All rights reserved. Registered in Romania under Proshirt SRL, Company number: 2134306, EU VAT ID: RO21343605. Office address: Blvd. 1 Decembrie 1918 nr.5, Targu Mures, Romania