Companies See Cyber Threats But Can’t Deal With Them

As the risk of cyber-crime intensifies most, large organizations are still not prepared to deal with the onslaught of digital attacks. Keeping pace with digital criminals requires collaboration among businesses, law enforcement and service providers, but also within companies.

Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals. The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG.

Countering cyber-crime will require collaboration among government, businesses and law enforcement, sharing intelligence, resources and practices to match the agility of criminals gangs, researchers concluded.

The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT.

While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report.

Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber-crime tools. Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals.

Business also worry about other methods of gaining access to data and systems, such as blackmailing and bribing employees or planting criminals within organizations. While 96 percent said criminal entrepreneurs could be bribing employees, only 44 percent had preventative measures in place.

Obstacles to rapid responses to the threat are many, researchers found. Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber-crime. Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes. Lack of investment and even cultural change within organizations were cited as barriers.

Dependence on third-party providers and contracts with third parties to meet security needs was also an impediment. Researchers found that the majority of firms have mostly or fully outsourced the running of their security program, the investigation of incidents and the coordination of responses to breaches. 

This raises the question of the extent to which companies should retain in-house expertise and whether outsourced providers understand their clients' business well enough to furnish a credible response to compromises, according to the study.

To keep pace with the threat, organizations must collaborate with each other, with law enforcement and within internal departments and functions, researchers concluded.

“Businesses in all sectors have a common and aligned interest in fighting digital crime,” they said. 

“By working together they can exchange intelligence, fund innovation, share best practices and develop common strategies.” They should also work with telecom companies, Internet Service Providers, banks, credit-card providers, insurers and the security industry “in a concerted effort” to make it harder and more costly for cyber criminals to pursue their objectives.

Companies also must foster collaboration among their own departments and functions — for example, by ensuring that their security and anti-fraud teams work together to thwart criminal activity “at every step,” from system breaches to the point where attackers seek to monetize their actions by selling stolen data, the study said.

“It’s important to remember that no system can ever be 100 percent secure, so a holistic, organization-wide approach is required,” researchers stated.

Meanwhile, according to the study, individual companies can take steps against cyber-crime by gathering intelligence on changing tactics and new threats by making it easier for employees and clients to raise issues and share information; working with management teams to identify data and assets criminals might target and why; and build internal strategies to focus investments on combating cyber-crime on the basics — protecting critical information and being able to respond quickly if compromised.

FedScoop

Information-Management

 

« Cybersecurity Is A Boardroom Blind Spot
Key Trends In Machine Learning & Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

Performanta

Performanta

Performanta offer a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

Software Factory

Software Factory

Software Factory develops custom-built high-performance software solutions and products for applications including industrial cyber security.

Cyber Exchange

Cyber Exchange

Cyber Exchange provides a focal point for UK organisations connected with, or with an interest in, cyber security to connect, engage and collaborate.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.