The Cyber Resilient Organization: A Q&A with Dr. Larry Ponemon
by Maria Battaglia
September 15, 2015
“Cyber resilience” is a relatively new term, but it seems to be here to stay. Organizations globally realize it’s a critically important part of their cybersecurity strategies, and they’re asking the hard questions – what does cyber resilience look like for my organization, and how do we grow it?
This is an issue that is important to us, as it’s close to our mission – empowering organizations to thrive in the face of all that is out there on the cyber landscape today.
So, we are proud sponsors of The Ponemon Institute’s first-ever report on cyber resilience, “The Cyber Resilient Organization: Learning to Thrive Against Threats.” This report surveyed more than 600 IT and security professionals across the U.S. on the state of cyber resilience, the top roadblocks, and steps for improving resilience.
We want to give you a sneak peek at what we learned from the research, so we asked Dr. Larry Ponemon for his take on the findings. Read on to learn more.
And for added insight on cyber resilience and incident response, we invite you to join our upcoming webinar series – featuring security experts and analysts.
Resilient Systems: Why is “cyber resilience” worth exploring?
Larry Ponemon: Cyberattacks are on the rise, and becoming increasingly devastating – as seen in the attacks on Anthem and the Office of Personnel Management (OPM), for example. Organizations need to adopt an enterprise-wide, holistic approach to their cybersecurity strategies so that they are better able to withstand the consequences of a cyberattack, and maintain their core purpose and integrity. This is what we mean by cyber resilience.
Are organizations adopting such a strategy? Do they believe cyber resilience is important to their cyber security posture? To find out, we surveyed IT security professionals on their perceptions about cyber resilience. We were pleased to learn that cyber resilience is emerging as the standard for which to strive – particularly to protect high-value intellectual property and comply with laws and regulations, as well as to enhance brand value and reputation and maximize employee productivity.
Resilient Systems: What do you think are the most significant learnings from the research?
Larry: I believe the most significant takeaway is that, increasingly, organizations are coming to terms with the reality that they need to have a strategy in place to ensure they will continue to thrive and be competitive despite the inevitable cyberattack. While prevention is still important, it is more about prevailing.
Resilient Systems: Were there any findings you found particularly surprising?
Larry: The most surprising finding is that the majority of companies are not prepared to respond to a cybersecurity incident – even though most said that “preparedness” is critically important to cyber resilience. Most respondents don’t have a well-defined cybersecurity incident response plan (CSIRP) applied consistently across the entire enterprise – most said their organization either does not have a CSIRP, or it is informal or ad hoc.
But this is consistent with our conclusion that the state of cyber resilience needs improvement in most organizations. The number of respondents that rate their organizations’ cyber resilience as high is relatively low. Moreover, a key component of cyber resilience is the ability to recover from a cyberattack – and, again, relatively few respondents rate this as high.
Resilient Systems: How would you recommend businesses use these findings to improve their own cyber resilience?
Larry: The research findings provide a roadmap to achieving a state of cyber resilience – including identifying the top hindrances to cyber resilience, and how businesses can get past them.
For example, we found that human error is the enemy of cyber resilience and one that organizations need to address. Senior leadership needs to communicate the responsibility employees have to be alert to possible threats to the data and systems they are entrusted to protect.
As I mentioned, cyber resilience needs to be enterprise-wide and actually part of the culture. In fact, collaboration among business functions is essential to a high level of cyber resilience – but it rarely happens. Thus, leadership and responsibility are critical to improving collaboration.
Similarly, organizational factors, such as insufficient funding and staffing, hinder efforts to achieve a high level of cyber resilience. But interestingly, we found that a lack of knowledgeable staff or enabling technologies is not as much a hindrance as not devoting the necessary time and resources to planning and preparedness or insufficient risk awareness, analysis, and assessments.
In the case of investments in processes and technology to achieve cyber resilience, technologies that enable efficient backup and disaster recovery operations, as well as incident response management plans, are by far most important to building a cyber resilient enterprise.
Want to learn more about cyber resilience and incident response? Download The Cyber Resilient Organization: Learning to Thrive Against Threats.