Companies See Cyber Threats But Can’t Deal With Them

As the risk of cyber-crime intensifies most, large organizations are still not prepared to deal with the onslaught of digital attacks. Keeping pace with digital criminals requires collaboration among businesses, law enforcement and service providers, but also within companies.

Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG.

Countering cyber-crime will require collaboration among government, businesses and law enforcement, sharing intelligence, resources and practices to match the agility of criminals gangs, researchers concluded.

The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT.

While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report.

Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber-crime tools. Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals.

Business also worry about other methods of gaining access to data and systems, such as blackmailing and bribing employees or planting criminals within organizations. While 96 percent said criminal entrepreneurs could be bribing employees, only 44 percent had preventative measures in place.

Obstacles to rapid responses to the threat are many, researchers found. Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber-crime. Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes. Lack of investment and even cultural change within organizations were cited as barriers.

Dependence on third-party providers and contracts with third parties to meet security needs was also an impediment. Researchers found that the majority of firms have mostly or fully outsourced the running of their security program, the investigation of incidents and the coordination of responses to breaches. 

This raises the question of the extent to which companies should retain in-house expertise and whether outsourced providers understand their clients' business well enough to furnish a credible response to compromises, according to the study.

To keep pace with the threat, organizations must collaborate with each other, with law enforcement and within internal departments and functions, researchers concluded.

“Businesses in all sectors have a common and aligned interest in fighting digital crime,” they said. 

“By working together they can exchange intelligence, fund innovation, share best practices and develop common strategies.” They should also work with telecom companies, Internet Service Providers, banks, credit-card providers, insurers and the security industry “in a concerted effort” to make it harder and more costly for cyber criminals to pursue their objectives.

Companies also must foster collaboration among their own departments and functions — for example, by ensuring that their security and anti-fraud teams work together to thwart criminal activity “at every step,” from system breaches to the point where attackers seek to monetize their actions by selling stolen data, the study said.

“It’s important to remember that no system can ever be 100 percent secure, so a holistic, organization-wide approach is required,” researchers stated.

Meanwhile, according to the study, individual companies can take steps against cyber-crime by gathering intelligence on changing tactics and new threats by making it easier for employees and clients to raise issues and share information; working with management teams to identify data and assets criminals might target and why; and build internal strategies to focus investments on combating cyber-crime on the basics — protecting critical information and being able to respond quickly if compromised.

FedScoop

Information-Management

 

« Cybersecurity Is A Boardroom Blind Spot
Key Trends In Machine Learning & Artificial Intelligence »

Directory of Suppliers

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

Thursday August 27, 2020: Join SANS and AWS Marketplace to learn how you can leverage solutions to create visibility at scale and allow you to do more with your data and improve your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Marclay Associates

Marclay Associates

Marclay are specialists in cyber and information security consulting and services.

Datasource Consulting

Datasource Consulting

We are experts in Data Architecture, Data Integration, Data Quality, Master Data Management, Data Governance, Reporting and Analytics, and Program Management.

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

Accellion

Accellion

Accellion provides enterprise mobile file sharing solutions that enable anytime, anywhere access to information while ensuring security and compliance.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

SecureLink

SecureLink

SecureLink specialize in designing, delivering, managing and supporting cyber security solutions.

IOTA Foundation

IOTA Foundation

The IOTA Foundation is a non-profit R&D organisation focused on developing the next generation of protocols for the connected world.

COMPACT

COMPACT

COMPACT is a EU-funded project, that aims to strengthen the cyber-resilience of local public administrations (LPAs).

TechArch

TechArch

TechArch helps customers to optimize their investments in cybersecurity by providing them independent and vendor-neutral consultation and guidance.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.