Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Study Reveals Our Vulnerabilities to Repeat Cyberattacks

DZone's Guide to

Study Reveals Our Vulnerabilities to Repeat Cyberattacks

While companies scramble to get their system back in order after a cyberattack, they open themselves up for yet another, potentially worse, hack.

· Security Zone
Free Resource

Discover an in-depth knowledge about the different kinds of iOS hacking tools and techniques with the free iOS Hacking Guide from Security Innovation.

I wrote recently about the Inter-ACE Cybersecurity Challenge event held in Cambridge that aimed to uncover some of the finest cyber talent in the country. The event is notable because many organizations lack the talent required to tackle the cybersecurity challenges they face.

Indeed, over 2/3 of companies reveal difficulties attracting the skills required to ensure their IT systems are safe from attack. Even if you have the skills required, organizational processes can still leave you vulnerable to attack.

A recent study by researchers at the University of Portsmouth suggests that we have a blind spot that leaves us vulnerable to cyber attack.

Cyber Vulnerabilities

The study found that when organizations are attacked by hackers, the length of time taken to recover, and the resources required to do so, leave them vulnerable to subsequent attacks. The authors suggest this blind spot is the interval between the recovery from the first incident and the subsequent incident.

The author examined data from the VERIS database, which records incidents of cyberattacks across a range of industries and different organizational sizes.

“Cyberattacks and data breaches are becoming more and more frequent and most companies will have plans for a counterattack in place,” the authors say.  “However, the problem arises when you look into organizations’ recovery times. If a company takes a month to recover from a cyberattack, but the next incident is a week away, there is a real risk that the subsequent attack can’t be tackled because recovery resources will have been deployed to handle the first attack.”

Diverted Resources

It stands to reason that with the limited resources companies have at their disposal they are often only capable of tackling one problem at a time. Interestingly, when the VERIS data was analyzed, it came to light that organizations were especially vulnerable between April and October.

“This finding is surprising because you’d expect August and December to be the months that companies are unprepared when staff are most likely to be on holiday. My analysis found that in April and October it took days for companies to recover from an attack, rather than hours,” the author says. “This could be due to peeks in attacks being during those months or due to internal reasons, but I’d need to do further analysis to drill down the details.”

Whilst the paper doesn’t provide any strategies for organizations to deploy to overcome this, the hope is that by raising awareness of the issue, organizations can at least begin to plan accordingly.

“I hope the findings will help minimize the threats against cyberattacks in an increasingly digital world. Lots of businesses are prepared to combat one attack, but now they need to prepare for multiple attacks,” they concluded.  “Although our new metric does not identify the cause of an attack or suggest a solution, we hope it can help as objective evidence for IT managers to argue for more organizational support or resources to secure their infrastructure so they are well prepared to combat numerous attacks.”

Learn about the importance of a strong culture of cybersecurity, and examine key activities for building – or improving – that culture within your organization.

Topics:
security ,cyberattacks ,vulnerabilities

Published at DZone with permission of Adi Gaskell, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}