Most organisations plan to seek external help after security breaches, study finds

Incident response plan - phone for help

Most large organisations now make advance plans to bring in external security consultancies should they suffer data and security breaches, a new survey for Arbor Networks has found.

The Economist Intelligence Unit (EIU) study (registration required) of 360 global senior business executives, backed up by interviews with a dozen security executives, found that around two thirds of firms had formal incident response plans in place for serious security incidents, with the same number complementing this with a dedicated in-house response team.

Despite this apparent readiness, 80 percent of larger organisations had made advance arrangements with external experts, mainly in computer forensics, to supplement the initial response by an internal IT team.

This could be a sign that security incidents are now so complex that employing enough in-house security expertise is seen as impossible, or perhaps it's part of a trend to preserve evidence to support possible criminal prosecutions. Other external help is also sought from legal and law enforcement experts.

"It's a very litigious process. If you are looking to be able to prosecute the perpetrators at the end of a breach, you need to be able to preserve the evidence," said one of the executives interviewed for the study.

"In addition, you need to be able to collect the evidence in such a way that you truly know what the breach was and how it occurred."

Increasingly, firms were treating security incidents as crime scenes, a factor that now overrode the need to get systems working again.

Complaints from those interviewed included a lack of knowledge about the precise threats or "known unknowns" they were facing at any one time. This made many pessimistic about the chances of spotting a successful compromise within 24 hours.

Only a third of executives said their firms shared data on attacks with industry peers, but it could be that this depends on the sector involved. Financial services appear to do well on this measure, mostly behind the scenes, but the numerous successful attacks on US retailers in the last year suggest that in this sector firms are more likely to be isolated from one another.

Breach reporting was a bit better, with 57 percent saying they would notify the authorities of breaches they were legally obliged to report (not all countries surveyed have notification laws), but 47 percent believed that being forced to make public all breaches would do more harm than good.

The number one disruption to systems, including those with a security theme, remains internal misconfiguration.

"There is an encouraging trend towards formalising corporate incident response preparations. But with the source and impact of threats becoming harder to predict, executives should make sure that incident response becomes an organisational reflex rather than just a plan pulled down off the shelf," said EIU senior editor, James Chambers.
