3. NTT Group’s Global Threat Intelligence Report
Perhaps even more shocking than the current global vulnerability rate was Flores citing that actually, many companies are aware of existing vulnerabilities, but do nothing to secure these. To demonstrate, he cited some key figures from the latest NTT Group Global Threat Intelligence Report around patching.
“I’m often asked by people and clients, how often should we patch? You’re probably not doing it enough.
“According to NTT Group, 74 per cent of organisations have no formal incident response program – you found the issue, so what are you going to do about? It’s important to understand that.
“Generally, organisations with no vulnerability management program take nearly 200 days to patch their systems,” he said.
According to the report, more than 99 per cent of identified vulnerabilities are still active one year after they’re discovered.
“Your people, or you, found a problem on your network in a computer somewhere and did nothing about it. In a year later, it’s still there,” Flores said.
Further, 76 per cent didn’t do anything to patch discovered vulnerabilities until after two years, and nine per cent didn’t do anything for 10+ years.
4. The Cyber Threat
In the effort to combat security risks, Flores recommended this book by Bob Gourley, director of Intelligence in the US’s first Department of Defense cyber defense organisation, and lead for cyber intelligence at Cognitio Corp.
“I encourage you to read this book, available electronically for next to nothing on Amazon – it’s really useful,” said Flores.
The book, which is also recommended by some other top players from the Cia, the US Air Force, the US Navy and the National Security Association (NSA), aims to teach technology and business executives how to enhance their business’ ability to defend against cyber-attacks. It focuses on developing ‘cyber intelligence’ as a way of making threat information actionable in support of business objectives.
“It includes lessons from historic and current operations, insights from companies under attack, and ways to enhance cyber intelligence support at strategic, operational and tactical levels,” said Flores.
As a free online resource, Flores recommended executives familiarise themselves with Threatbrief.com – a helpful online resource created by Flores’ analyst firm, Cognito, which is updated with 8-12 new articles daily.
Threatbrief’s content offers insights into the global security landscape, offers advice on how to reduce personal and business risks, and better inform readers’ strategic decision-making.
In particular, Flores’ recommended technology leaders access the featured paper discussing the five questions that executives should be asking around cyber security – “then ask yourself those,” he said.
Finally, in emphasising the need for organisations to develop their own cyber intelligence programs internally, Flores concluded by stressing how important constant user education was, including a change in attitude around users and security generally.
Sign up for CIO Asia eNewsletters.