Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Many organizations are still unprepared for cyber attacks

Most organizations (67 percent) are facing rising threats in their information security risk environment, but over a third (37 percent) have no real-time insight on cyber risks necessary to combat these threats. This is one of the headline findings of EY’s annual Global Information Security survey, Get Ahead of Cybercrime, which this year surveyed 1,825 organizations in 60 countries.

Companies are lacking the agility, the budget and the skills to mitigate known vulnerabilities and successfully prepare for and address cybersecurity:

43 percent of respondents say that their organization’s total information security budget will stay approximately the same in the coming 12 months despite increasing threats, which is only a marginal improvement to 2013 when 46 percent said budgets would not change.

Over half (53 percent) say that a lack of skilled resources is one of the main obstacles challenging their information security program and only 5 percent of responding companies have a threat intelligence team with dedicated analysts. These figures also represent no material difference to 2013, when 50 percent highlighted a lack of skilled resources and 4 percent said they had a threat intelligence team with dedicated analysts.

‘Careless or unaware employees’ was revealed as the number one vulnerability companies face, with 38 percent of respondents saying it is their first priority, and ‘outdated information security controls or architecture’ and ‘cloud computing use’ were the second and third biggest vulnerabilities respectively (35 percent and 17 percent).

‘Stealing financial information,’ ‘disrupting or defacing the organization’ and ‘stealing intellectual property or data’ are the top three threats (28 percent, 25 percent and 20 percent respectively say it is their first priority).

This year’s survey finds that organizations need to do a better job of anticipating attacks in an environment where it is no longer possible to prevent all cyber breaches, and where threats come from ever more resourceful and well-funded sources.

The report encourages organizations to embrace cybersecurity as a core competitive capability. This requires keeping the organization in a constant state of readiness, anticipating where new threats may arise and shedding the ‘victim’ mindset of operating in a perpetual state of anxiety.

To reach this state, the report recommends:

  • Remaining alert to new threats: leadership should address cyber threats/risks as a core business issue, and put in place a dynamic decision process that enables quick preventative action.
  • Understanding the threat landscape: organizations should have a comprehensive, yet targeted, awareness of the wider threat landscape and how it relates to the organization, and invest in cyber threat intelligence.
  • Knowing your ‘crown jewels’: there should be a common understanding across the organization of the assets that are of greatest value to the business, and how they can be prioritized and protected.
  • Focusing on incident and crisis response: organizations should regularly test the organization’s capabilities.
  • Learning and evolving: cybersecurity forensics is a critical piece of the puzzle. Organizations should closely study data from incidents and attacks, maintain and explore new collaborative relationships and refresh their strategy regularly.

For further information and to download the 2014 report, visit www.ey.com/GISS

•Date: 3rd November 2014 • World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here