‘Mean blind spot’ leaves organisations vulnerable to cyber attack

Cyber attacks are becoming more frequent

Cyber attacks are becoming more frequent

New research has identified a ‘mean blind spot’, which leaves organisations vulnerable to cyber attack – particularly in the months of April and October.

A study by the University of Portsmouth found the length of recovery time between cyber attacks can leave organisations susceptible to further attacks. This ‘mean blind spot’ is the average interval between the recovery from an existing incident and the occurrence of a new incident.

Dr Benjamin Aziz, senior lecturer from the School of Computing, conducted the research using a community dataset of cyber incidents known as VERIS. The data is collected from a wide range of industries and different types and sizes of organisations.

Dr Benjamin Aziz

Computing expert Dr Benjamin Aziz

He said: “Cyber attacks and data breaches are becoming more and more frequent and most companies will have plans for counterattack in place.

“However, the problem arises when you look into organisations’ recovery times. If a company takes a month to recover from a cyber attack, but the next incident is a week away, there is a real risk that the subsequent attack can’t be tackled because recovery resources will have been deployed to handle the first attack.

“When you layer recovery times on top of each other there is a blind spot, where your resources are depleted and recovery time is slow. This is when companies are in danger of leaving themselves open to multiple attacks.”

In his analysis of VERIS data, Dr Aziz also found that organisations are least prepared to tackle security incidents in the months of April and October.

He said: “This finding is surprising because you’d expect August and December to be the months that companies are unprepared, when staff are most likely to be on holiday. My analysis found that in April and October it took days for companies to recover from an attack, rather than hours.

The blind spot is the average interval between the recovery from an existing incident and the occurrence of a new incident.

The blind spot is the average interval between the recovery from an existing incident and the occurrence of a new incident.

“This could be due to peeks in attacks being during those months or due to internal reasons, but I’d need to do further analysis to drill down the details.”

Dr Aziz hopes his research gives organisations an insight into the resilience of their IT infrastructure, the recovery cost of internet attacks and the future cost to defend against them.

He said: “I hope the findings will help minimise the threats against cyber attacks in an increasingly digital world. Lots of businesses are prepared to combat one attack, but now they need to prepare for multiple attacks.

“Although our new metric does not identify the cause of an attack or suggest a solution, we hope it can help as objective evidence for IT managers to argue for more organisational support or resources to secure their infrastructure so they are well prepared to combat numerous attacks.”

UoP News © 2017 All Rights Reserved