Companies See Cyber Threats But Can’t Deal With Them

As the risk of cyber-crime intensifies most, large organizations are still not prepared to deal with the onslaught of digital attacks. Keeping pace with digital criminals requires collaboration among businesses, law enforcement and service providers, but also within companies.

Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG.

Countering cyber-crime will require collaboration among government, businesses and law enforcement, sharing intelligence, resources and practices to match the agility of criminals gangs, researchers concluded.

The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT.

While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report.

Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber-crime tools. Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals.

Business also worry about other methods of gaining access to data and systems, such as blackmailing and bribing employees or planting criminals within organizations. While 96 percent said criminal entrepreneurs could be bribing employees, only 44 percent had preventative measures in place.

Obstacles to rapid responses to the threat are many, researchers found. Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber-crime. Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes. Lack of investment and even cultural change within organizations were cited as barriers.

Dependence on third-party providers and contracts with third parties to meet security needs was also an impediment. Researchers found that the majority of firms have mostly or fully outsourced the running of their security program, the investigation of incidents and the coordination of responses to breaches. 

This raises the question of the extent to which companies should retain in-house expertise and whether outsourced providers understand their clients' business well enough to furnish a credible response to compromises, according to the study.

To keep pace with the threat, organizations must collaborate with each other, with law enforcement and within internal departments and functions, researchers concluded.

“Businesses in all sectors have a common and aligned interest in fighting digital crime,” they said. 

“By working together they can exchange intelligence, fund innovation, share best practices and develop common strategies.” They should also work with telecom companies, Internet Service Providers, banks, credit-card providers, insurers and the security industry “in a concerted effort” to make it harder and more costly for cyber criminals to pursue their objectives.

Companies also must foster collaboration among their own departments and functions — for example, by ensuring that their security and anti-fraud teams work together to thwart criminal activity “at every step,” from system breaches to the point where attackers seek to monetize their actions by selling stolen data, the study said.

“It’s important to remember that no system can ever be 100 percent secure, so a holistic, organization-wide approach is required,” researchers stated.

Meanwhile, according to the study, individual companies can take steps against cyber-crime by gathering intelligence on changing tactics and new threats by making it easier for employees and clients to raise issues and share information; working with management teams to identify data and assets criminals might target and why; and build internal strategies to focus investments on combating cyber-crime on the basics — protecting critical information and being able to respond quickly if compromised.

FedScoop

Information-Management

 

« Cybersecurity Is A Boardroom Blind Spot
Key Trends In Machine Learning & Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

DomainTools

DomainTools

DomainTools helps security analysts turn threat data into threat intelligence.

FFRI

FFRI

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

LuJam Cyber

LuJam Cyber

LuJam Cyber is a cybersecurity company that provides protection to SME Networks.

Securicy Data Solutions

Securicy Data Solutions

Securicy allows businesses to easily build and maintain their Information Security and Privacy Compliance program.

CyberInsureOne

CyberInsureOne

At CyberInsureOne, we break down the complex world of cyber insurance, and connect you with providers that can give you and your company peace of mind.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

Pentest Limited

Pentest Limited

Pentest Limited provide information security consultation, penetration testing & red teaming services to companies across the globe.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.