I wrote recently about the Inter-ACE Cybersecurity Challenge event held in Cambridge that aimed to uncover some of the finest cyber talent in the country. The event is notable because many organizations lack the talent required to tackle the cybersecurity challenges they face.
Indeed, over 2/3 of companies reveal difficulties attracting the skills required to ensure their IT systems are safe from attack. Even if you have the skills required, organizational processes can still leave us vulnerable to attack.
A recent study from researchers at the University of Portsmouth suggests that we have a blind spot that leaves us vulnerable to cyber attack.
The study found that when organizations are attacked by hackers, the length of time taken to recover, and the resources required to do so, leave them vulnerable to subsequent attacks. The authors suggest this blind spot is the interval between the recovery from the first incident, and the subsequent incident.
The author examined data from the VERIS database, which records incidents of cyber attack across a range of industries and different organizational sizes.
“Cyber attacks and data breaches are becoming more and more frequent and most companies will have plans for counterattack in place,” the authors say. “However, the problem arises when you look into organisations’ recovery times. If a company takes a month to recover from a cyber attack, but the next incident is a week away, there is a real risk that the subsequent attack can’t be tackled because recovery resources will have been deployed to handle the first attack.”
This stands to reason, with the limited resources companies have at their disposal often only capable of tackling one problem at a time. Interestingly, when the VERIS data was analyzed, it emerged that organizations were especially vulnerable between April and October.
“This finding is surprising because you’d expect August and December to be the months that companies are unprepared, when staff are most likely to be on holiday. My analysis found that in April and October it took days for companies to recover from an attack, rather than hours,” the author says. “This could be due to peeks in attacks being during those months or due to internal reasons, but I’d need to do further analysis to drill down the details.”
Whilst the paper doesn’t provide any strategies for organizations to deploy to overcome this, the hope is that by raising awareness of the issue, organizations can at least begin to plan accordingly.
“I hope the findings will help minimise the threats against cyber attacks in an increasingly digital world. Lots of businesses are prepared to combat one attack, but now they need to prepare for multiple attacks,” they conclude. “Although our new metric does not identify the cause of an attack or suggest a solution, we hope it can help as objective evidence for IT managers to argue for more organisational support or resources to secure their infrastructure so they are well prepared to combat numerous attacks.”