A ‘Mean Blind Spot’ is Leaving Companies Vulnerable to Cyber Attacks

New research has identified a ‘mean blind spot’, which leaves organisations vulnerable to cyber attack – particularly in the months of April and October.

A study by the University of Portsmouth found the length of recovery time between cyber attacks can leave organisations susceptible to further attacks. This ‘mean blind spot’ is the average interval between the recovery from an existing incident and the occurrence of a new incident.

[easy-tweet tweet=”Cyber attacks and data breaches are becoming more frequent” hashtags=”Security, Data”]

Dr Benjamin Aziz, a senior lecturer at the School of Computing, conducted the research using a community dataset of cyber incidents known as VERIS. The data is collected from a wide range of industries and different types and sizes of organisations.

He said: “Cyber attacks and data breaches are becoming more and more frequent and most companies will have plans for a counterattack in place.

“However, the problem arises when you look into organisations’ recovery times. If a company takes a month to recover from a cyber attack, but the next incident is a week away, there is a real risk that the subsequent attack can’t be tackled because recovery resources will have been deployed to handle the first attack.

“When you layer recovery times on top of each other there is a blind spot, where your resources are depleted and recovery time is slow. This is when companies are in danger of leaving themselves open to multiple attacks.”

In his analysis of VERIS data, Dr Aziz also found that organisations are least prepared to tackle security incidents in the months of April and October.

He said: “This finding is surprising because you’d expect August and December to be the months that companies are unprepared when staff are most likely to be on holiday. My analysis found that in April and October it took days for companies to recover from an attack, rather than hours.

“This could be due to peek in attacks being during those months or due to internal reasons, but I’d need to do further analysis to drill down the details.”

Dr Aziz hopes his research gives organisations insight into the resilience of their IT infrastructure, the recovery cost of internet attacks and the future cost to defend against them.

He said: “I hope the findings will help minimise the threats against cyber-attacks in an increasingly digital world. Lots of businesses are prepared to combat one attack, but now they need to prepare for multiple attacks.

“Although our new metric does not identify the cause of an attack or suggest a solution, we hope it can help as objective evidence for IT managers to argue for more organisational support or resources to secure their infrastructure, so they are well prepared to combat numerous attacks.”

+ posts

Meet Stella


Related articles

How to add AI to your cybersecurity toolkit 

A successful implementation of AI in cyber defense requires a solid data governance system, reimagined incident response frameworks, sufficient talent and expertise to manage the new system, and established documentation practices.

The Metaverse: Virtually a reality?

Metaverses have the potential to enable virtual worlds to expand beyond the gaming genre to encompass all manner of social and commercial activities.

Cybersecurity and Cloud: A Look Back at 2022 and What to Expect in 2023

Businesses are continuously reassessing their resources and options to fill their tech stack. In this competitive digital landscape, the innovative use of technology will be something that would generate a competitive advantage for organisations.

Shopping for Data: Ensuring a seamless user experience 

This combination can drive a business’s data culture and provide a structured approach for businesses to benefit from data intelligence across their operations, with only a few clicks.

Unveiling the Top 10 Cybersecurity Threats to Watch Out for in 2023

As technology advances, so do cybercriminals' methods to gain unauthorised access to sensitive information. With the increasing reliance on technology in both personal and professional settings, it is crucial to stay informed about the top cybersecurity threats to watch out for in 2023.

Subscribe to our Newsletter