An FBI security expert has called on businesses of all sizes to adopt cyber incident response plans to combat a striking increase in global security threats.
Timothy Wallach, an FBI Supervisory Special Agent currently assigned to lead the Cyber Task Force in the US Seattle field office, told V3 businesses should make security planning for cyber incidents a top priority.
"Quite often [the FBI] responds to companies that don't have an incident response plan at all and they are the ones that have had intrusions in their networks for a year and so everything is stolen," he said.
"The companies that are more sophisticated in terms of security generally have the plan in place."
Many of these attacks are thought to have been carried out by government-backed groups, although Wallach said the techniques used for cyber attacks are often he same whether criminals or a nation state which makes attribution tough.
"There is a conflict. I'm not sure if I would classify it as a cyber war, but there are definitely hostile nation states targeting the US in certain sectors to steal information or disrupt operations," he said.
Meanwhile, on the subject of data access and how much access agencies like the FBI should have to encrypted data, Wallach said it should be carefully regulated by the courts.
"Having access to encrypted data is important as long as there are appropriate controls and it's regulated by the courts. We can get court orders and legal process for that," he said.
Wallach's comments came after new research commissioned by Trend Micro and Quocirca found that incident response planning, including carrying out 'cyber fire drills', remains underused by UK organisations.
Only 36 percent of companieshave cyber fire drills in place, although this is seven percent above the European average.
Rik Ferguson, global vice president of security research at Trend Micro, said a cyber fire drill is an extremely useful tool as it has a "positive feedback loop" built in.
"It seems like the fire drill scenario should be an easy win for most of the organisations [in the survey] as it's a simple add on, either to training or a penetration test, or ideally putting all of them together to create a fire drill out of things that people are apparently already doing and already paying for," he said.
"It's very important that we as an industry get everybody else to think more about security. There certainly should be a mindset of security first in everything you do."
Bob Tarzey, director of Quocirca, revealed that UK organisations are still more likely to be targeted, and receive a higher number of attacks in comparison with Europe.
However, the research found that the actual impact of a cyber breach is not as damning when the data is contrasted.
"UK organisations are less likely to be successfully targeted, according to their own reports. They are less likely to definitely have data stolen, and an attack is less likely to have a serious impact and less likely to involve a devastating loss of data," he said.
"That seems to imply that UK organisations are more hounded but less affected by targeted attacks."
The research also said that 52 percent of European and 53 percent of UK organisations fear that a cyber attack would have a serious impact on their operation. However, the majority of UK businesses said they had measures in place to mitigate targeted attacks.
The full security report with a more expansive breakdown of specific types of threats currently faced by UK businesses will be published in October.
Users are told that their non-existent 'iPhoneID' is expiring soon
Expansion of SDK intended to expand Amazon Alexa ecosystem
Locky returns from a prolonged rest with two new variants
AMD lambasted over Radeon RX Vega pricing that will add an extra £100 to RX Vega 56 and 64 graphics cards
Company accused of failing to tell anyone that the launch prices were only introductory offers