46pc Mideast firms ‘lack incident response plans’
DUBAI, May 20, 2015
Nearly half (46 per cent) of Middle East organisation have no incident response (IR) plans, according to a recent survey.
The survey, conducted by leading information security conference in the region Gisec, covered more than 150 enterprise security professionals.
It also found that the rate of security incidents is very high in the region, with about 69 per cent of organisations experiencing an incident in the last 12 months - highlighting the need for greater resilience against cybersecurity threats, said leading incident response platform (IRP) provider Resilient Systems (formerly known as Co3 Systems).
With preventative and detective tools alone failing to stop breaches, incident response is vital to ensuring that security incidents do not escalate into business crises, it said.
Historically, organisations would turn to consultancy services to establish the extent of security incidents and take action to mitigate the damage and future attacks. But with incidents increasing in frequency, sophistication, and severity, organisations can no longer afford to take an ad hoc approach to response.
Paul Ayers, general manager, EMEA - Resilient Systems, said: “In this new era of cybercrime, businesses are learning that identifying and protecting against threats isn’t enough – they have to be able to respond, and they have to do it faster, better, and smarter than before.
“Security incidents are inevitable – but the good news is that quick and effective response can make cyber threats manageable, and ensure that businesses can thrive in the face of them.”
The survey also found that about 17 per cent of organisations reported having more than 25 incidents in the last year.
The incident response is becoming a priority for many, with 63 per cent saying their business will invest in Incident Response in the next 20 months. However, 14 per cent have no plans to improve incident response capabilities, it said.
“Just as businesses have learned to live with fire, accidents, and theft for centuries, companies today can learn to mitigate and move on from cyberattacks, ”said Ayers.
“Practice makes perfect. By preparing and provisioning for response, developing IR plans, and testing them regularly, organisations can take control of the situation – giving them the ability to limit or completely avoid incidents damaging their company and its public perception. That’s the essence of Cyber Resilience,” he said.
Resilient System’s IRP arms incident response teams with workflows, intelligence, and deep-data analytics to react faster, coordinate better, and respond smarter. It is distributed in the Middle East through its partnership with security value added distributor, Shifra.
Ahmad Elkhatib, managing director of Shifra, said: “As with the rest of the world, cybercrime in the Middle East has reached unprecedented levels in the recent past.
“These findings reflect the reality that, as businesses in the region grow, they will increasingly become the target of cyberattacks and require Incident Response tools in order to develop quick reflexes in handling breaches.” - TradeArabia News Service