RESEARCH TRIANGLE PARK – More companies are hiring additional cybersecurity specialists to stiffen defenses against hackers and cyber threats, but that’s not enough to ward off increasingly sophisticate attacks, warns IBM in a new study. And most companies don’t have a formal response plan in place if they are hit.
Additional investment in human intelligence combined with machine intelligence is needed, Big Blue points out. IBM is not alone in making that recommendation. Notes Cisco in its 2018 Cybersecurity report:
“More enterprises are therefore turning to machine learning and artificial intelligence. With these capabilities, they can spot unusual patterns in large volumes of encrypted web traffic. Security teams can then investigate further.”
And cybersecurity personnel don’t come cheaply. Cary-based training firm Global Knowledge reports that four of the top 10 highest paid job certifications are for cybersecurty-related skills:
- Certified Information Systems Security Professional (CISSP) – $111,475
- Certified in Risk and Information Systems Control (CRISC) – $111,049
- Certified Information Security Manager (CISM) – $108,043
- Certified Ethical Hacker (CEH) – $106,375
The IBM report comes in the wake of 2017 hacks and cyber threats that made headlines over and over with millions of people’s personal data exposed, government records exploited, and many companies hit by malware.
Even with beefed-up people resources, IBM says, “57 percent of respondents said the time to resolve [a cybersecurity] incident has increased, while 65 percent reported the severity of the attacks has increased.”
For example, Cisco in its report noted that “malware is becoming more vicious. And it’s harder to combat. We now face everything from network-based ransomware worms to devastating wiper malware.”
In a study conducted by Ponemon Institute supported by IBM’s Reslient security group, many businesses believe they are more “cyber resilient” due to beefed-up hiring. Yet “just 31 percent of those surveyed having an adequate cyber resilience budget in place and [77 percent have] difficulty retaining and hiring IT Security professionals.”
“Organizations may be feeling more cyber resilient today, and the biggest reason why was hiring skilled personnel,” says Ted Julian, vice president of Product Management and co-founder of IBM Resilient. “Having the right staff in place is critical but arming them with the most modern tools to augment their work is equally as important. A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall cyber resilience.”
Formal response plans lacking
A whopping 77 percent of respondents also admitted that “they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization,” IBM adds.
In addition to lack of a response plan, hiring has been insufficient to meet the threat, the study adds:
- The “second-biggest barrier” behind lack of a plan is “having insufficient skilled personnel dedicated to cyber security”
- Only 29 percent of respondents said they had “ideal staffing to achieve cyber resilience.”
- 50 percent say their firm’s current CISO [chief information security officer] or security leader has been in place for three years or less.
- 23 percent report they do not currently have a CISO or security leader.
IBM and Ponemon conclude that ensuring security requires:
- A proper incident response plan (which a 2017 study found can reduce costs of a hack or breach)
- Staffing
- Budget
The executive summary of these findings can be downloaded online.
IBM employs several thousand people across North Carolina.
