UPDATED - One in three companies not prepared for breaches: RSA

RSA head of channels and alliances A/NZ, Jonathan Christopher

Security firm RSA has released the results of its global breach readiness survey covering 30 countries.

It compared the global results with a survey of the Security for Business Innovation Council (SBIC), a group of security leaders from the Global 1000.

Using the SBIC as a benchmark, the results suggest the majority of organisations are not following incident response best practices.

As a result, they are not prepared to face the challenges of advanced cyber threats.

The results indicate that 30 per cent of organisations surveyed did not have formal incident response plans in place.

In organisations with a plan, 57 per cent admit to never updating or reviewing them.

The survey focused on measures within four major areas of breach readiness and response: incident response, content intelligence, analytic intelligence and threat intelligence.

It measured awareness gained from tools, technology and processes in place to identify and monitor critical assets.

RSA security analytics specialist, Chris Thomas, said the firm's experience with customers in A/NZ would suggest that local figures are largely consistent with US findings.

"Many organisations that we’ve encountered spend time and resources developing disaster recovery and business continuity plans. However, they do not have the same level of maturity when approaching their incident response and breach notification plans."

"The critical aspect that firms need to look at to increase incident response and breach readiness capabilities is to ensure that the people, processes and technology are properly aligned."

"The only way to do this is to test procedures in the same way that firms are now testing their business continuity management (BCM) and disaster recovery (DR) plans and capabilities."

"The other aspect required for firms to increase their breach readiness is to ensure they have adequate and effective threat detection, threat discovery and incident response capabilities."

"These ensure that they are able to detect incidents and breaches themselves, rather than being notified by a third party after the fact."

RSA head of channel and alliances A/NZ, Jonathan Christopher, said that as organisations improve their approach to incident response and breach readiness, the channel is able to deliver best practice guidance and subject matter expertise to their clients.

“RSA has seen its Channel Partners in the A/NZ region as ideally positioned to specialise in this space and with RSA are able to jointly deliver strategic consulting services to assist customers on this journey.”

“As breach readiness maturity is not a point in time process and needs continual focus and enhancement, long-term relationships with channel partners are invaluable as organisations will need a partner that truly understands their business.”

“Additionally, as the threat landscape continues to evolve, organisations need to ensure they are adequately protected, have the ability to respond appropriately should a breach occur, and importantly, have a partner that has the experience to support them in providing these two capabilities.”

While all SBIC members have a capability to gather data and provide centralised alerting, 55 per cent of those surveyed lacked the capability. This made them blind to many threats.

RSA said identifying false positives still proves a difficult task. Only 50 per cent of general respondents had a formal plan in place for identifying false positives.

SBIC members who participated in the survey include security chiefs from Johnson & Johnson, JPMorgan Chase, ABN Amro, Thales A/NZ, Walmart, EMC, General Electric, Boeing and FedEx.