With ransomware and distributed denial of service (DDoS) attacks on the rise, the average number of focused cyber attacks per organisation has more than doubled in the past year, a study has revealed.
This increase comes amid growing cyber threats, despite the fact that organisations are demonstrating far more success in detecting and blocking them, according to Accenture’s latest State of cyber resilience study.
The study, which is based on a survey of 4,600 security practitioners, shows that 87% of focused cyber attacks are being prevented, almost a 20% increase on the previous year.
Nonetheless, the report said with 13% of focused attacks penetrating defences, businesses still face an average of 30 successful security breaches a year, which is unsustainable for future growth.
The study was conducted from January to mid-March 2018 and investigated focused attacks defined as having the potential to both penetrate network defences and cause damage, or extract high-value assets and processes from within organisations.
Another key finding of the study is that 55% of organisations took one week or less to detect a breach, compared with just 10% in the previous year.
Although companies are detecting breaches faster, security teams are still finding only 64% of them, which is similar to last year, and they are collaborating with others outside their organisations to find the remaining breaches.
This underscores the importance of collaborative efforts among business and government sectors to stop cyber attacks, the report said.
More work to be done
When asked how they learn about attacks that the security team has been unable to detect, respondents indicated that more than a third (38%) are found by white hat hackers or through a peer or competitor, up from 15% the previous year. Only 15% of undetected breaches are found through law enforcement, which is down from 32% the previous year.
The majority of respondents (83%) agree that new technologies such as artificial intelligence (AI), machine learning, user behaviour analytics, and blockchain are essential to securing their organisations.
When asked which capabilities were most needed to fill gaps in their cyber security solutions, the top two responses were cyber threat analytics and security monitoring.
Despite evidently recognising that new technologies could solve the problem, only 2 in 5 organisations are currently investing, indicating there is even more ground to be gained by increasing investment in cyber resilient technologies, the report said.
“Only one in eight focused cyber attacks are getting through versus one in three last year, indicating that organisations are doing a better job of preventing data from being hacked, stolen or leaked,” said Kelly Bissell, managing director of Accenture Security.
“While the findings of this study demonstrate that organisations are performing better at mitigating the impact of cyber attacks, they still have more work to do,” he said.
Prioritise investing in security, says expert
Building investment capacity for wise security investments must be a priority for those organisations that want to close the gap on successful attacks even further, said Bissell.
“For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organisations in the next two to three years. That’s an encouraging projection,” he said.
On average, respondents said only two-thirds of their organisation is actively protected by their cyber security programme. And, while external incidents continue to pose a serious threat, the survey reveals that organisations should not forget about the enemy from within, with two of the top three cyber attacks with the highest frequency and greatest impact being internal attacks and accidentally published information.
According to Accenture, there are five steps organisations can take to achieve cyber resilience:
- Build a strong foundation – identify high value assets and harden them, and ensure controls are deployed across the organisational value chain, not just the corporate function.
- Pressure test resilience like an attacker – enhance red defence and blue defence teams with player-coaches that move between them and provide analysis on where improvements need to be made.
- Employ breakthrough technologies – free up investment capacity to invest in technologies that can automate your defences. Use automated orchestration capabilities and advanced behavioural analytics.
- Be proactive and use threat hunting – develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for anomalous activity at the most likely points of attack.
- Evolve the role of CISO – develop the next generation CISO, steeped in the business and balancing security based on business risk tolerance.