Story image

No confidence in detecting sophisticated cyber attacks

01 Dec 15

Businesses across the world are lacking confidence when it comes to their ability to detect sophisticated cyber attacks, according to findings from the latest Global Information Security Survey from EY.

The survey of more than 1700 organisations reveals that 88% of respondents do not believe their information security structure fully meets their organisation’s needs.

When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organisation’s need for protection with its managements’ tolerance for risk.

The survey found the most likely sources of cyber attacks were criminal syndicates (59%), employees (56%) and hacktivists (54%), with state-sponsored (35%) in the sixth place.

“Organisations are embracing the digital world with enthusiasm, but there must be a corresponding uptick in addressing the increasingly sophisticated cyber threats,” says Ken Allan, global cybersecurity leader, EY.

“Businesses should not overlook or underestimate the potential risks of cyber breaches,” he says.

“Instead, they should develop a laser-like focus on cybersecurity and make the required investments. The only way to make the digital world fully operational and sustainable is to enable organisations to protect themselves and their clients and to create trust in their brand.”

The survey found that companies currently feel less vulnerable to attacks arising from unaware employees (44%) and out-dated systems (34%); down from 57% and 52%, respectively, in the 2014.

However, they feel more threatened today by phishing and malware. Forty-four percent of respondents (compared with 39% in 2014) ranked phishing as their top threat; 43% consider malware as their biggest threat versus 34% in 2014.

The survey found that organisations are falling short in thwarting a cyber attack, with 54% saying they lack a dedicated function that focuses on emerging technology and its impact. Forty seven percent do not have a security operations centre, and 36% do not have a threat intelligence programme, while 18% do not have an identity and access management programme.

More than half (57%) of the respondents say the contribution and value that the information security function provides to their organisation is compromised by the lack of skilled talent available, compared with 53% of respondents in the 2014 survey, indicating that the situation is deteriorating, rather than improving.

Paul van Kessel, global risk leader, EY, says, “Cybersecurity is inherently a defensive capability, but organizations should not wait to become victims.

“Instead, they should take an ‘active defense’ stance, with advanced security operations centres that identify potential attackers and analyse, assess and neutralise threats before damage can occur,” he says.

“It is imperative that organisations consider cybersecurity as an enabler to build and keep customers’ trust,” van Kessel adds.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.