Companies See Cyber Threats But Can’t Deal With Them

Uploaded on 2016-08-07 in TECHNOLOGY--Resilience, NEWS-News Analysis, FREE TO VIEW

As the risk of cyber-crime intensifies most, large organizations are still not prepared to deal with the onslaught of digital attacks. Keeping pace with digital criminals requires collaboration among businesses, law enforcement and service providers, but also within companies.

Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG.

Countering cyber-crime will require collaboration among government, businesses and law enforcement, sharing intelligence, resources and practices to match the agility of criminals gangs, researchers concluded.

The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT.

While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report.

Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber-crime tools. Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals.

Business also worry about other methods of gaining access to data and systems, such as blackmailing and bribing employees or planting criminals within organizations. While 96 percent said criminal entrepreneurs could be bribing employees, only 44 percent had preventative measures in place.

Obstacles to rapid responses to the threat are many, researchers found. Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber-crime. Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes. Lack of investment and even cultural change within organizations were cited as barriers.

Dependence on third-party providers and contracts with third parties to meet security needs was also an impediment. Researchers found that the majority of firms have mostly or fully outsourced the running of their security program, the investigation of incidents and the coordination of responses to breaches. 

This raises the question of the extent to which companies should retain in-house expertise and whether outsourced providers understand their clients' business well enough to furnish a credible response to compromises, according to the study.

To keep pace with the threat, organizations must collaborate with each other, with law enforcement and within internal departments and functions, researchers concluded.

“Businesses in all sectors have a common and aligned interest in fighting digital crime,” they said. 

“By working together they can exchange intelligence, fund innovation, share best practices and develop common strategies.” They should also work with telecom companies, Internet Service Providers, banks, credit-card providers, insurers and the security industry “in a concerted effort” to make it harder and more costly for cyber criminals to pursue their objectives.

Companies also must foster collaboration among their own departments and functions — for example, by ensuring that their security and anti-fraud teams work together to thwart criminal activity “at every step,” from system breaches to the point where attackers seek to monetize their actions by selling stolen data, the study said.

“It’s important to remember that no system can ever be 100 percent secure, so a holistic, organization-wide approach is required,” researchers stated.

Meanwhile, according to the study, individual companies can take steps against cyber-crime by gathering intelligence on changing tactics and new threats by making it easier for employees and clients to raise issues and share information; working with management teams to identify data and assets criminals might target and why; and build internal strategies to focus investments on combating cyber-crime on the basics — protecting critical information and being able to respond quickly if compromised.

FedScoop

Information-Management

 

« Cybersecurity Is A Boardroom Blind Spot
Key Trends In Machine Learning & Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

VIPRE Security Group

VIPRE Security Group

VIPRE Security Group is an award-winning global cybersecurity, privacy and data protection company.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

Cyber-Physical Systems Security Institute (CPSSI)

Cyber-Physical Systems Security Institute (CPSSI)

CPSSI is a non-profit, by-invitation-only research and educational organization focused on practical and theoretical solutions to the cybersecurity challenges facing Cyber-Physical Systems.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Hexaware Technologies

Hexaware Technologies

Hexaware is an automation-led next-generation service provider delivering excellence in IT, BPO and Consulting services.

CITRA - Information Security and Emergency Response

CITRA - Information Security and Emergency Response

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.

Heartland Business Systems (HBS)

Heartland Business Systems (HBS)

Heartland Business Systems serves commercial, public sector and small to medium business with results-driven and dedicated information technology services.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.