Pulling information from 24 security operations centres, seven R&D centres, 3.5 trillion logs and 6.2 billion attacks in 2015, the GTIR shows that over the last three years, on average 77% of organisations fall into the ‘unprepared’ category, leaving just 23% with the capability to respond effectively to critical security incidents.
“Prevention and planning for cyber security incidents seems to be stagnating, according to the figures in both the GTIR and our recent Risk:Value report,” says Garry Sidaway, VP Security Strategy & Alliances, NTT Com Security. “This is a real concern and could be down to a number of reasons, not least the possibility of security fatigue – too many high profile security breaches, information overload and conflicting advice – combined with the sheer pace of technology change, lack of investment and increased regulation.
“Facing security challenges that didn’t exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope. Our mantra is prevention is better than cure and get the security basics right, including having a clear, well-communicated incident response plan.”
Although financial services was the leading sector for incident response in previous annual GTIR reports, the retail sector now takes the lead, with 22% of all response engagements, up from 12% the previous year. Retail – a popular target due to processing large volumes of personal information such as credit card details – experienced the highest number of attacks per client.