Carbon Black has today published statistics that emphasise what we’ve been saying for years: cyber criminals take their ‘profession’ seriously, they invest in skills and capabilities, and they’re outperforming their targets.
That 92% of organisations admit to having been breached is hardly surprising, given the virulence of cyber crime. We suspect the reality is that most organisations are breached multiple times in a year and that the breach is often either not detected or ignored – until something really serious like the recent BA or Stena Line breach occurs, which has to be reported to the ICO.
The reality is that every little incident – someone who appears to be working from too many diverse geographic locations, spoofing of internal email addresses as part of a spear-phishing campaign, compromise of individual emails or documents – all of these may simply be the tips of cyber icebergs among which you, as a business, are navigating. Ignoring any one of them might lead to your organisation being sunk by the real iceberg.
Being Breach Ready is about more than just having a good incident response plan – it’s about ensuring that staff at all levels inside the organisation are paying attention to and reporting anomalies – and are prepared to do so even if they have mistakenly clicked on something they should have avoided. Successful navigation depends on determined surveillance!