Story image

No confidence in detecting sophisticated cyber attacks

01 Dec 2015

Businesses across the world are lacking confidence when it comes to their ability to detect sophisticated cyber attacks, according to findings from the latest Global Information Security Survey from EY.

The survey of more than 1700 organisations reveals that 88% of respondents do not believe their information security structure fully meets their organisation’s needs.

When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organisation’s need for protection with its managements’ tolerance for risk.

The survey found the most likely sources of cyber attacks were criminal syndicates (59%), employees (56%) and hacktivists (54%), with state-sponsored (35%) in the sixth place.

“Organisations are embracing the digital world with enthusiasm, but there must be a corresponding uptick in addressing the increasingly sophisticated cyber threats,” says Ken Allan, global cybersecurity leader, EY.

“Businesses should not overlook or underestimate the potential risks of cyber breaches,” he says.

“Instead, they should develop a laser-like focus on cybersecurity and make the required investments. The only way to make the digital world fully operational and sustainable is to enable organisations to protect themselves and their clients and to create trust in their brand.”

The survey found that companies currently feel less vulnerable to attacks arising from unaware employees (44%) and out-dated systems (34%); down from 57% and 52%, respectively, in the 2014.

However, they feel more threatened today by phishing and malware. Forty-four percent of respondents (compared with 39% in 2014) ranked phishing as their top threat; 43% consider malware as their biggest threat versus 34% in 2014.

The survey found that organisations are falling short in thwarting a cyber attack, with 54% saying they lack a dedicated function that focuses on emerging technology and its impact. Forty seven percent do not have a security operations centre, and 36% do not have a threat intelligence programme, while 18% do not have an identity and access management programme.

More than half (57%) of the respondents say the contribution and value that the information security function provides to their organisation is compromised by the lack of skilled talent available, compared with 53% of respondents in the 2014 survey, indicating that the situation is deteriorating, rather than improving.

Paul van Kessel, global risk leader, EY, says, “Cybersecurity is inherently a defensive capability, but organizations should not wait to become victims.

“Instead, they should take an ‘active defense’ stance, with advanced security operations centres that identify potential attackers and analyse, assess and neutralise threats before damage can occur,” he says.

“It is imperative that organisations consider cybersecurity as an enabler to build and keep customers’ trust,” van Kessel adds.

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.