Content, Content, Security Staff Acquisition & Development

RedSeal Report: 54% of Cybersecurity Pros Lack Tools, Resources They Need

Ray Rothrock

A cybersecurity "perfect storm" is looming for organizations around the globe, according to a report from network modeling and cyber risk scoring platform provider RedSeal.

The "2017 RedSeal Resilience Report," which featured insights from 600 U.S. and UK chief information security officers (CISOs) and senior IT decision-makers, highlighted four key cybersecurity trends:

  1. The cyber threat landscape is rapidly evolving. Fifty-four percent of senior cybersecurity professionals said they believe the cyber threat landscape is evolving faster than their organization can respond.
  2. A lack of cybersecurity preparedness is pervasive. On average, only 25 percent of organizations test their cybersecurity response to a major incident at least once a year.
  3. There is a major gap between perceived and actual cyber threat response times. Forty percent of senior cybersecurity professionals ranked detection as their strongest cyber capability. However, it takes an organization an average of six hours to identify a cyber incident.
  4. Compliance drives security planning. Ninety-seven percent of senior cybersecurity professionals said external regulations play a major role in their cybersecurity and resilience planning and implementation.

Together, these trends represent a "harbinger of security disaster for any organization," RedSeal CEO Ray Rothrock said in a prepared statement.

How to Improve Cyber Resilience

RedSeal offered the following tips to help organizations improve their cyber resilience:

  • Be proactive. There is an industry-wide discrepancy about when an organization's network is compromised and when an organization finds out about a cyber incident. If an organization allocates the necessary time and resources to establish effective cybersecurity protocols, it may be able to detect and resolve cyber incidents faster than ever before.
  • Test your cybersecurity strategy. As the time between the last cybersecurity test increases, executives' confidence in an organization's cybersecurity plan decreases. With regular testing, an organization can identify problem areas and address these issues before they lead to data breaches.
  • Prioritize your cybersecurity strategy – not compliance. Even a single cyberattack can have significant financial ramifications on an organization. Therefore, an organization should prioritize its cybersecurity strategy to reduce the risk of revenue loss, brand reputation damage and other problems that are commonly associated with data breaches.

The combination of cybersecurity resources, preparation, detection and an overarching strategy can help an organization bolster its cyber resilience, Rothrock stated. These factors together enable an organization to pivot and pursue cyber resilience, Rothrock said, and maintain its day-to-day operations as it detects and addresses cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.