IT disaster recovery, cloud computing and information security news

Daisy

Many global organizations still lack confidence in their ability to detect sophisticated cyber attacks: EY survey

More than one-third (36 percent) of global organizations still lack confidence in their ability to detect sophisticated cyber attacks, according to the annual EY's Global Information Security Survey 2015, Creating trust in the digital world.

The survey of 1,755 organizations from 67 countries examines some of the most important cybersecurity issues facing businesses today and finds that 88 percent do not believe their information security structure fully meets their organization's needs. When it comes to IT security budgets, 69 percent say that their budgets should be increased by up to 50 percent to align their organization's need for protection with its managements' tolerance for risk.

The most likely sources of cyber attacks: criminal syndicates (59 percent), hacktivists (54 percent) and state-sponsored groups (35 percent) retained their top rankings. However, compared with last year's survey, respondents rated these sources as more likely: up from 53 percent, 46 percent, and 27 percent, respectively, in 2014.

Vulnerabilities and threats: a shift in perceptions

The survey found that companies currently feel less vulnerable to attacks arising from unaware employees (44 percent) and outdated systems (34 percent); down from 57 percent and 52 percent, respectively, in the 2014 Global Information Security Survey (GISS). However, they feel more threatened today by phishing and malware. Forty-four percent of respondents (compared with 39 percent in 2014) ranked phishing as their top threat; 43 percent consider malware as their biggest threat versus 34 percent in 2014.

The survey also found that organizations are falling short in preventing cyber attacks:

  • 54 percent say they lack a dedicated function that focuses on emerging technology and its impact;
  • 47 percent do not have a security operations center / centre;
  • 36 percent do not have a threat intelligence program, while 18 percent do not have an identity and access management program.

More than half (57 percent) said that the contribution and value that the information security function provides to their organization is compromised by the lack of skilled talent available, compared with 53 percent of respondents in the 2014 survey, indicating that the situation is deteriorating, rather than improving.

Some examples of the industries surveyed:

EY's Global Information Security Survey 2015 – Sector highlights

Industries

Likely sources

of cyber attacks

Top priorities for

information security

Companies not changing security budget over next 12 months

Consumer products

Employees: 61%

 

Criminal syndicates: 52%

 

External contractors: 43%

Business continuity/disaster recovery resilience: 59%

 

Data leakage/data loss prevention:50%

 

Incident response capabilities: 40%

38%

Banking and capital markets

Cyber attacks to steal financial information:21%

 

Malware: 20%

 

Fraud: 19%

Data leakage/data loss prevention:67%

 

Business continuity/disaster recovery: 56%

 

Identify and access management:56%

33%

Power and utilities

Outdated security information, careless or unaware employees, malware: 20% each

Business continuity/disaster protection: 52%

 

Data leakage/data loss prevention:44%

 

Security operations, such as anti-virus, patching, encryption: 43%

33%

 

More details.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.