Connect with us

BizNews

Security response planning on the rise, but containing attacks remains an issue – IBM

While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

Published

on

IBM announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period.

The global survey conducted by Ponemon Institute and sponsored by IBM Security found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place.

The key findings of those surveyed from the fifth annual Cyber Resilient Organization Report include:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The amount of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with less tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating Playbooks for Emerging Threats
The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.   

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. While ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More Tools Led to Worse Response Capabilities
The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average. However, the study also found that an over-abundance of tools may actually hinder organizations ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts — in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools. Amongst high-performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.

While security response planning is slowly improving, the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all.

Better Planning Pays Off
This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years  compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations in the report become more cyber resilient, especially when it comes to tools that helped them resolve complexity. Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting). Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.

BizNews

UPS helps its Phl customers maintain critical infrastructure following typhoon

UPS’s recent expansion of its Worldwide Express Freight (WWEF) shipment service to more postal codes in the Philippines comes as welcome news to West Point Engineering, a long-time customer of UPS.

Published

on

Sitting in a tropical storm-prone belt of the Pacific Ocean known as ‘typhoon alley,’ the Philippines experiences an average of 20 tropical storms every year. 

Last year, on top of dealing with the pandemic, the Philippines was hit by Super Typhoon Goni, the most powerful tropical cyclone in the world in 2020. Goni, or Rolly as it’s locally known, ploughed through Luzon and affected 2.7 million people, displacing 31,000 and damaging or destroying 281,000 homes. Sanitation and hygiene become immediate concerns in the aftermath of a storm like this, with essential water infrastructure usually damaged.

West Point Engineering Supplies Incorporated provides specialized products and solutions to essential infrastructures in the Philippines, such as water, energy and meteorology. 

Among its list of projects is a 10-year program with the weather information services company, Earth Networks, and the Philippine Atmospheric, Geophysical and Astronomical Services Administration. They’ll collaborate to use weather monitoring sensors that provide earlier warnings for tropical storms. 

For West Point Engineering, speed and efficiency is essential in installing and maintaining specialized equipment like weather radars, which can save lives and homes. 

That’s why UPS’s recent expansion of its Worldwide Express Freight (WWEF) shipment service to more postal codes in the Philippines comes as welcome news to West Point Engineering, a long-time customer of UPS.

Businesses like West Point Engineering will benefit from time-guaranteed palletized shipments above 70 kilograms to more areas in Bulacan, Mabalacat, Angeles City, Laguna and Batangas, allowing businesses to more easily and quickly replenish bulk inventories. This helps customers meet urgent, sometimes life-saving, delivery requirements. 

“We have been a partner of UPS for over seven years,” said Dennis Ziganay, president and CEO of West Point Engineering. “Through this pandemic, we’ve been able to meet the demands of these challenging times … thanks to UPS.” 

With businesses needing a more agile and precise process in responding to the needs of the market and its customers, accessibility is key in responding to natural disasters around the globe.

“Exporters, SMEs and long-time partners like West Point Engineering are important contributors to the local economy. As they grow and expand, we listen to their changing supply chain requirements and cater to their needs,” said Chris Buono, managing director of UPS Philippines and Indonesia. 

 “Whether it’s one of the several natural calamities that occurred in the Philippines or an ongoing pandemic, UPS is committed to delivering what matters for our customers as they bounce back from a difficult year,” Buono ended. 

Continue Reading

BizNews

Community banks a key resource for small businesses when crises arise

Community banks are an important source for small businesses when crises, like the COVID-19 pandemic, arise and business owners need to secure help quickly to continue paying their employees.

Published

on

Photo by lucas Favre from Unsplash.com

With billions on the table for struggling small businesses, new research from the University of Florida Warrington College of Business finds that community banks are a critical source for helping these businesses keep their workforce employed during the pandemic through loan access.

“Smaller community banks have traditionally been an important source of funding for small businesses,” said Christopher James, William H. Dial/SunTrust Eminent Scholar and research author. “Community banks tend to be relationship lend­ers, characterized by local ownership, local control and local decision making. Relationship lenders had strong incentives to make… loans in order to preserve small business relationships in the face of the massive economic downturn caused the pandemic.”

In their research, James, Warrington Ph.D. student Jing Lu and Georgetown University Ph.D. student Yangfan Sun, find that community banks were able to respond faster to loan requests from small businesses as compared to larger banks. They also find that community banks made more loans per dollar of deposits than larger banks, particularly during the early stages of the pandemic.

“Community banks tend to specialize in lending based on close personal ties between the loan officer and the small business customer,” James said. “This type of lending requires providing branch managers with greater decision rights in making lending decisions. As a result, lenders at community banks were able to respond faster when the PPP was introduced.”

Consistent with community bank focus on small business lending and their faster implementation of lending, the authors find significantly more loans per small business in counties where community banks had higher market shares. More important, the authors find that higher levels of lending are associated with significantly fewer small business bankruptcies.

Overall, James, Lu and Sun’s research finds that community banks are an important source for small businesses when crises, like the COVID-19 pandemic, arise and business owners need to secure help quickly to continue paying their employees.

Continue Reading

BizNews

Shopee launches #TatakPinoy virtual trade fair to support Filipino businesses

Shopee, the leading e-commerce platform in Southeast Asia and Taiwan, launches #TatakPinoy, a virtual trade fair geared towards supporting homegrown Filipino brands and micro, small, and medium enterprises (MSMEs).

Published

on

Shopee, the leading e-commerce platform in Southeast Asia and Taiwan, launches #TatakPinoy, a virtual trade fair geared towards supporting homegrown Filipino brands and micro, small, and medium enterprises (MSMEs). 

Shopee consistently advocates for the growth of local businesses. Amid the COVID-19 lockdown, which forced hundreds of Filipino businesses to close physical shops, Shopee supported over 1,000 sellers transitioning online through Shopee’s Seller Masterclasses and its partnerships with the Department of Trade and Industry (DTI), United States Agency for International Development (USAID), and local government units. The initiatives helped Filipino entrepreneurs gain a basic understanding of e-commerce and digital marketing. Sellers were also able to master Shopee’s marketing tools, helping them achieve their maximum potential in e-commerce. 

To further strengthen support for local entrepreneurs, Shopee and DTI are set to launch the very first #TatakPinoy Virtual Trade Fair, a campaign that aims to promote products from Filipino brands and local MSMEs. From February 19 – 21, shoppers can discover local delicacies and pasalubong items, particularly those from Regions XII and IV-A, on Shopee. They can also buy products from Filipina-owned businesses, championed by Shopee and USAID’s partnership to empower local female entrepreneurs. 

In its statement, DTI’s Bureau of Domestic Trade Promotion announced, “The Department of Trade and Industry – Bureau of Domestic Trade Promotion is proud to be a partner for #TatakPinoy on Shopee. This initiative will connect thousands of consumers to more than a hundred MSMEs on one platform. We invite Filipinos from all over the country to patronize and take pride in products that are certified #TatakPinoy from the National Trade Fair Pop-up Store and Go Lokal! Shopee Mall.”

Martin Yu, Director at Shopee Philippines, said, “We strongly believe in the importance of uplifting homegrown entrepreneurs. From microbusinesses to SMEs, these local brands all contribute to the Philippine economy’s growth as a whole. Considering that most local businesses still can’t promote their products outside of online platforms due to the pandemic, Shopee also wants to create the opportunity to showcase the best Filipino brands. We will continue to spearhead campaigns that help reignite pride and demand for local products and drive the growth of the economy.”

Aside from discovering high-quality local craftsmanship and assisting local businesses in the process, shoppers can enjoy exclusive discounts up to 10% off on participating Filipino brands such as Colourette, Vice Cosmetics, and Human Nature. 

Shoppers can also enjoy more deals when they checkout using ShopeePay. For more information about the #TatakPinoy Virtual Trade Fair, visit https://shopee.ph/m/tatak-pinoy

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending