As the digital transformation unfolds in business, companies have had to implement a recurring and increasingly sophisticated cybersecurity plan to protect their most valuable assets. With ramnsomware attacks and denial of service (DDoS) on the rise, a new Accenture study found that the average number of cyber attacks targeting companies doubled from 2017 to date, from 106 to 232 respectively.
However, the figures show strong progress on the part of the security teams, which have successfully prevented and successfully block 87% of the attacks perpetrated globally, far exceeding the 70% recorded the previous year.
Without obscuring the good results, the study also highlights that with 13% of targeted attacks successfully transgressing network defenses, organizations still have to deal with approximately 30 security breaches or breaches per year, which can cause damage. irremediable or result in the loss of sensitive information for the future of the institution.
“As technology leaders, it is good news to know that only 1 in 8 cyber attacks is currently transferring security equipment. This reality is far from the results obtained last year, when 1 in 3 attacks caused incalculable damage to the organization’s assets. However, the best rates when it comes to preventing and mitigating the impact of cyber attacks cannot cause companies to lose their sense of urgency on the issue. For us it is essential that local and global actors continue to invest in new technologies and infrastructure, with the aim of reaching a level of cybersecurity virtually unbreakable in the next two to three years, ”said Juan Manuel Gonzalez, executive director of Accenture.
In this context, 83% of companies say that disruptive technologies are essential to ensure the future of the business. Artificial Intelligence (AI), machine or deep learning, user behavior analytics and blockchain, among others, are necessary investments to raise performance in terms of cybersecurity. Despite this conception, Accenture’s study revealed that only 40% of organizations are committing investments in these types of technologies, which demonstrates a certain level of optimism regarding the issue.
On the other hand, among the most striking results of the study, it can be seen that security teams are requiring less time to detect a security breach. In months and years, the main actors have made visible the problem in days and weeks. On average, 89% of respondents state that their internal security teams detect cyber attacks in just one month (versus 32% in 2017), and 55% took less than a week to find a cybersecurity violation (versus 10% last year).
Now if it deepens from where the attacks come from, the external incidents remain at the top of the list, but a call is made not to forget the danger of the “internal enemy”. Two of the three cyber attacks with the highest frequency and impact are internal attacks or information accidentally published by workers, the study concludes.
With this in mind, Accenture identified five key steps for organizations to reach an appropriate “cyber resilience” level:
* Build a solid foundation: Companies must identify their high value assets and protect them more strongly. Ensuring that controls are deployed and complied with throughout the value chain, is essential, and not just from a corporate function.
* Test your company’s resistance, as if you were an attacker: Improve defense teams through “red vs. blue” activities, where coaches move between players’ teams and provide their conclusions, are an important learning element to make improvements .
* Use disruptive technologies: Allocate investment in new technologies that can automate your defenses. Use advanced behavior analysis and automated processes, to name just a few.
* Be proactive and deploy threat identification: Develop strategic and tactical threat intelligence tailored to your environment. By monitoring suspicious activity at the most likely attack points, you will be able to identify potential risks more efficiently.
* The new role of CISO: A fundamental point is to develop the next generation of Directors of Information Security (CISO). This position has to be immersed in the business, as it is a pillar to balance security based on risk tolerance.