Who Is Winning The Cyber War?

Uploaded on 2016-03-15 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Who is winning the cyber war, the criminals and hackers or network and system defenders?  ISACA and RSA Conference wanted to answer this question so we conducted the second annual State of Cybersecurity study, which was released at the RSA Conference.

The data shows us that the answer is a bit unclear. Cyber attacks are still pervasive. We are still experiencing many of the same attack types that have plagued organizations for years. And it is increasingly difficult to hire fully capable cyber-practitioners and others who are part of the enterprise assurance and risk management network.

The good news is that executives and board members are very concerned. They recognize that cyber threats are harming the bottom line and that—if they want to deploy leading-edge technologies and offer new technology-based services and products—they need to ensure that security is designed in and that personal information is protected.

One-third of the 461 Cyber and information security specialists who participated in the study reported that their organization was a cyber-victim in 2016. While this is a high number in itself, an additional 20 percent did not know if their organization had been a victim. When asked about the frequency of attacks, the largest number (23 percent) reported experiencing cyber-attacks at least quarterly.

The most frequent attacks were phishing, malicious code incidents, physical loss of computing or mobile devices, and hacking.

As you might expect, the experience of attacks on a daily, weekly or monthly basis were reported less frequently. An alarming trend is that 54 percent of study participants did not know how frequently they experience cyber-incidents. While 73 percent believed they were able to detect and to respond to incidents, 42 percent felt they could only do so for simple attacks. In an era of increasingly sophisticated and persistent attacks, being able to identify and respond to attacks is imperative.

Board and executive concern and support for cyber activities are increasing. Eighty-two percent of security executives and practitioners participating reported that boards are concerned or very concerned about cybersecurity. This is not surprising given the higher level of awareness about cyber in general and the number of high profile attacks that we have recently seen.

Executive support for cyber is essential. We find that executive support for enforcing security policy (66 percent) and providing needed funding (63 percent). The challenge is that less than half of executives follow good security practices themselves (43 percent) or mandate cyber awareness (59 percent). Cyber is not only a technical problem. Many attacks target the weakest link, executives who do not follow good practices, and employees who are security unaware.

Technical solutions to address cyber threats are getting better. We have all witnessed how technology vendors are enhancing current products. New startup companies are bringing very exciting products to the market. These however will not solve the problem alone.

More important is the need to address the critical shortage of skilled cyber practitioners. Security executives are finding this difficult. The majority (54 percent) reported that it takes from three to six months to find a candidate. Less than half of these candidates (59 percent) are fully qualified on hire. Slightly more than 60 percent lack the required technical skills. Three quarters do not have the necessary understanding of the business to be effective. Slightly more than 60 percent do not have needed communication skills. Security will never be effective if new practitioners don’t have a strong technical understanding, the ability to address cyber-risks in business language, and if they cannot clearly and concisely communicate security issues.

While technology will help us meet cyber-challenges, it is also creating new opportunities for compromise. Cyber specialists are concerned about the rapid development of artificial intelligence products as well as the Internet of Things (IoT). We have all seen reports of advanced technologies, including medical devices and self-driving cars being hacked. More than half of those participating in the study are concerned or very concerned about the risk associated with the IoT. Forty-two percent believe that cyber risk associated with artificial intelligence will increase in the short term and 62 percent believe that risk will increase in the long term.

So, are we winning the cyber war? Not yet. We win some battles, but we are still plagued by attack types that have been long standing problems. We may not always be aware that we are being attacked, so we are too often late in responding. We are building our capabilities by deploying good technologies, but we don’t have sufficient skilled staff to bring to the battle. We still have too many leaders who say they support cybersecurity but do not consistently follow best practices or encourage cyber awareness in the enterprise.

To further complicate things, advanced technologies are expected to gain wide acceptance when we are still unsure about the risk they represent. The good news is that the challenges we are experiencing can be solved. We see increased attention to cyber by governments, research institutes and enterprise decision makers. Public awareness is increasing. Programs are being offered to solve the skill shortage. With skills-based training and performance-based testing, we are building the front line defenders and responders capable of engineering strong defenses and aggressive response plans.

Information-Management: http://bit.ly/1QMtYTr

« Recovered IS Document Reveal 22,000 Recruits
Communications Breakdown: CISOs & Company Boards »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

Spirion

Spirion

Spirion offers data discovery, classification, and protection tools for your business's privacy, security, and compliance program to avoid gaps and risks.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

8MAN

8MAN

8MAN is a leading Access Rights Management (ARM) solution in Microsoft and virtual server environments.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

Khipu Networks

Khipu Networks

Khipu Networks is an award winning Cyber Security Company delivering a wide range of network, wireless and security solutions, technologies and services across multiple sectors.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

ISA Global Cybersecurity Alliance (ISAGCA)

ISA Global Cybersecurity Alliance (ISAGCA)

Objectives of the ISA Global Cybersecurity Alliance include the acceleration and expansion of standards, certification, education programs, advocacy efforts, and thought leadership.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

SpeQtral

SpeQtral

SpeQtral offers commercial space-based Quantum Key Distribution (QKD) founded on technology developed at the National University of Singapore.

Tutanota

Tutanota

Tutanota is the world’s first end-to-end encrypted mail service that encrypts the entire mailbox.

Censinet

Censinet

Censinet provides the first and only third-party risk management platform for healthcare organizations to manage the threats to patient care that exist within an expanding ecosystem.

Suffescom Solutions

Suffescom Solutions

Suffescom Solutions is a leading blockchain development company, assisting businesses in harnessing the true potential of blockchain technology.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.