Companies See Cyber Threats But Can’t Deal With Them

Uploaded on 2016-08-07 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

As the risk of cyber-crime intensifies most, large organizations are still not prepared to deal with the onslaught of digital attacks. Keeping pace with digital criminals requires collaboration among businesses, law enforcement and service providers, but also within companies.

Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG.

Countering cyber-crime will require collaboration among government, businesses and law enforcement, sharing intelligence, resources and practices to match the agility of criminals gangs, researchers concluded.

The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT.

While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report.

Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber-crime tools. Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals.

Business also worry about other methods of gaining access to data and systems, such as blackmailing and bribing employees or planting criminals within organizations. While 96 percent said criminal entrepreneurs could be bribing employees, only 44 percent had preventative measures in place.

Obstacles to rapid responses to the threat are many, researchers found. Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber-crime. Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes. Lack of investment and even cultural change within organizations were cited as barriers.

Dependence on third-party providers and contracts with third parties to meet security needs was also an impediment. Researchers found that the majority of firms have mostly or fully outsourced the running of their security program, the investigation of incidents and the coordination of responses to breaches. 

This raises the question of the extent to which companies should retain in-house expertise and whether outsourced providers understand their clients' business well enough to furnish a credible response to compromises, according to the study.

To keep pace with the threat, organizations must collaborate with each other, with law enforcement and within internal departments and functions, researchers concluded.

“Businesses in all sectors have a common and aligned interest in fighting digital crime,” they said. 

“By working together they can exchange intelligence, fund innovation, share best practices and develop common strategies.” They should also work with telecom companies, Internet Service Providers, banks, credit-card providers, insurers and the security industry “in a concerted effort” to make it harder and more costly for cyber criminals to pursue their objectives.

Companies also must foster collaboration among their own departments and functions — for example, by ensuring that their security and anti-fraud teams work together to thwart criminal activity “at every step,” from system breaches to the point where attackers seek to monetize their actions by selling stolen data, the study said.

“It’s important to remember that no system can ever be 100 percent secure, so a holistic, organization-wide approach is required,” researchers stated.

Meanwhile, according to the study, individual companies can take steps against cyber-crime by gathering intelligence on changing tactics and new threats by making it easier for employees and clients to raise issues and share information; working with management teams to identify data and assets criminals might target and why; and build internal strategies to focus investments on combating cyber-crime on the basics — protecting critical information and being able to respond quickly if compromised.

FedScoop

Information-Management

 

« Cybersecurity Is A Boardroom Blind Spot
Key Trends In Machine Learning & Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Cyturus Technologies

Cyturus Technologies

Cyturus Technologies delivers cybersecurity business risk quantification services using our proprietary Adaptive Risk Model (ARM).

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Fullstack Academy

Fullstack Academy

A trailblazer in bootcamp education, Fullstack Academy prepares students for fulfilling careers in tech through our NYC campus, online learning, and university partnerships.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

DarkFeed

DarkFeed

DarkFeed is a Threat Intelligence provider that monitors the darknet in real-time, where hackers and Cyber criminals are most active.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.