AT&T is again sounding the alarm for businesses to do a better job of preparing for the inevitability of a cybersecurity breach, using its latest Cybersecurity Insights Report to detail ways to plan a response that better protects assets and customer relationships.
"As the number and kinds of cyberattacks continue to grow, breaches are inevitable," Porter writes. "In 2015, 62% of organizations reported having security breaches. Forty-two percent of these businesses said the negative impact on their business was significant. Yet 66% of organizations have no effective incident response plan."
For major businesses with more complex networks, the average downtime after a breach was 23 hours, while for midsized businesses it was 14 hours. In addition, breach victims suffered loss of revenues and customers and damage to their brands as a result.
AT&T's latest report, called "The CEO's Guide to Cyberbreach Response," which can be accessed here, spells out how an enterprise can create a cross-functional team to develop a response plan and how that plan should be frequently tested. And it outlines specific elements of a strong response, to include removing or isolating the source of the problem, assessing legal implications, determining the root cause and defining the critical business impact.
Some of what AT&T is advising would seem like common sense, but, for all the concern about cybersecurity, the statistics Porter cites in his blog show that businesses may be worried about breaches but aren't translating that worry into the proper preparation.
— Carol Wilson, Editor-at-Large, Light Reading