Want to improve cyber security? Too many tools aren’t the solution!
Cyber-attacks pose a serious and ever-increasing risk to any organization. IBM Security has found that 51 percent of organizations have experienced a significant disruption of business operations due to a cybersecurity incident in the past two years. In response, organizations are taking more and more measures to make themselves resilient and improve cybersecurity awareness. Nevertheless, IBM concludes current precautions are often still inadequate.
IBM conducted a study among more than 3400 organizations, including hospitals, banks, and government institutions worldwide. It provides insights into the measures companies take and the results they achieve. For example, 26 percent of the organizations indicate that they have a company-wide Computer Security Incident Response Plan (CSIRP). In addition, organizations have, on average, 45 different security solutions and technologies in use.
More isn’t always better
Yet more tools don’t necessarily result in better security. 30 percent of companies use over 50 security solutions and technologies; the excessive use of different tools results in a complex, inefficient environment. Companies with more than 50 tools appear to be 8 percent worse at detecting a cyber-attack and 7 percent worse at responding to an attack.
Relying on technology alone isn’t enough. For this reason, IBM recommends an enterprise-wide and up-to-date CSIRP. Although the number of organizations with a CSIRP has grown in recent years, more than half of the plans aren’t sufficient. For example, the plans do not contain scenarios for frequent attacks such as DDoS, malware, or ransomware. Moreover, many security plans might be outdated: only 7 percent of organizations review the CSIRP quarterly, while 40 percent have no set time period for reviewing or testing it. Although it is impossible to rule out an attack completely, a good CSIRP can limit the damage should your organization become a target.
- Tip: Need help setting up your own CSIRP? Our free crisis communication protocols will help you get started.
Training for end-users
Moreover, IBM’s research shows that there is room for improvement among end-users within an organization. 23 percent of companies think their resilience to a cyber-attack has not improved in recent years due to a lack of end-user training. It is important to continuously make all employees within an organization aware of (new) cyber threats.
The best way to do this is by continuously repeating information. New information is often forgotten within thirty days. However, this downward trend can be broken by repeating information over and over. Employees therefore only become resilient to cyber risks when they are continuously informed and trained.

Digital signage screens and corporate screensavers, to name a few, are very suitable channels for continuously informing employees.
Could your organization use some support in the fight against cybercrime? Download 10 useful tips to sharpen your employees’ cybersecurity awareness for free. Or contact our experts to see how you can improve your company’s internal communication.
