Most of companies unprepared for cyberattacks

0

KUCHING: Most organisations (67 per cent) still face rising threats in their information security risk environment, and over a third (37 per cent) have no real-time insight on cyber risks necessary to combat these threats, says EY Global.

In its annual ‘Global Information Security survey: Get Ahead of Cybercrime’ which surveys 1,825 organisations in 60 countries, EY Global observed that companies lack the agility, the budget and the skills to mitigate known vulnerabilities and successfully prepare for and address cybersecurity.

In a press statement, Paul van Kessel, EY’s Global Risk Leader says,“Organisations will only develop a risk strategy of the future if they understand how to anticipate cybercrime. Cyber-attacks have the potential to be far-reaching – not only financially, but also in terms of brand and reputation damage, the loss of competitive advantage and regulatory non-compliance.”

He stressed, “Organisations must undertake a journey from a reactive to a proactive posture, transforming themselves from easy targets for cybercriminals into more formidable adversaries.

“Too many organisations still fall short in mastering the foundational components of cybersecurity. In addition to a lack of focus at the top of the organisation and a lack of well-defined procedures and practices, too many of the organisations we surveyed reveal they do not have a security operations center. This is a major cause for concern.”

Jason Yuen, Partner, IT Risk and Assurance, EY Malaysia added, “Beyond internal threats, organisations also need to think broadly about their business ecosystem and how relationships with third parties and vendors can impact their security posture.

“It’s only by reaching an advanced stage of cybersecurity readiness that an organisation can start to reap the real benefits of its cybersecurity investments.

“By putting the building blocks in place and ensuring that the programme is able to adapt to change, companies can start to get ahead of cybercrime, adding capabilities before they are needed and preparing for threats before they arise.”

Meanwhile, the report noted, 43 per cent of its respondents say that their organisation’s total information security budget will stay approximately the same in the coming 12 months despite increasing threats, which is only a marginal improvement to 2013 when 46 per cent said budgets would not change.

It added, over half (53 per cent) say that a lack of skilled resources is one of the main obstacles challenging their information security programme and only five per cent of responding companies have a threat intelligence team with dedicated analysts.

It noted, these figures also represent no material difference to 2013, when 50 per cent highlighted a lack of skilled resources and four per cent said they had a threat intelligence team with dedicated analysts.

It further observed, ‘careless or unaware employees’ is revealed as the number one vulnerability companies face, with 38 per cent of respondents saying it is their first priority, and ‘outdated information security controls or architecture’ and ‘cloud computing use’ are second and third respectively (35 and 17 per cent).

Stealing financial information, disrupting or defacing the organisation and stealing intellectual property or data are the top three threats (28, 25 and 20 per cent respectively say it is their first priority), EY Global reported.

The report encourages organisations to embrace cybersecurity as a core competitive capability.

“This requires keeping the organisation in a constant state of readiness, anticipating where new threats may arise and shedding the ‘victim’ mindset of operating in a perpetual state of anxiety,” it said.

EY Global in its report, advised organisations to remain alert to new threats, understand the threat landscape, know the organisation’s ‘crown jewels’ to better manage its priorities and ensure complete protection of the organisation, and focus on incident and crisis reponse.