BY Fraser Tennant
Global organisations are more adept than ever at detecting a cyber attack but are struggling to cope with the aftermath of a breach, according to a new survey by EY.
In ‘Path to cyber resilience: Sense, resist, react’, EY’s 19th Global Information Security Survey (GISS) 2016-17, some of the most compelling cyber security issues facing businesses in today’s digital ecosystem are examined, with respondents indicating that cyber security threats, such as malware, phishing, cyber security to steal financial information, or cyber attacks to steal intellectual property or data, are on the rise.
EY’s findings show that although 50 percent of the 1735 global organisations surveyed said they could detect a sophisticated cyber attack – due to investments in cyber threat intelligence to predict what they can expect from an attack, continuous monitoring mechanisms, security operations centres (SOC) and active defence mechanisms – 86 percent said that, despite these investments, their cyber security function does not fully meet their organisation's needs.
Additionally, 64 percent of organisations stated that they did not have a formal threat intelligence programme or had only an informal one at best. When it came to the matter of identifying vulnerabilities, 55 percent of respondents said they did not have vulnerability identification capabilities or had only informal capabilities. Moreover, 44 percent indicated they did not have a SOC to continuously monitor for cyber attacks.
"Organisations have come a long way in preparing for a cyber breach, but as fast as they improve, cyber attackers come up with new tricks,” said Paul van Kessel, EY global advisory cyber security leader. “Organisations therefore need to sharpen their senses and upgrade their resistance to attacks. They also need to think beyond just protection and security to 'cyber resilience' – an organisation-wide response that helps them prepare for and fully address these inevitable cyber security incidents.
When asked about any recent cyber security incidents, 57 percent of respondents said they had experienced an incident. Furthermore, 48 percent cited outdated information security controls or architecture as their highest vulnerability – a 34 percent increase on the findings of the 2015 survey.
Mr van Kessel continued: “In the event of an attack organisations need to have a plan and be prepared to repair the damage quickly. If not, they put their customers, employees, vendors and ultimately their own future, at risk."