Wednesday, July 27, 2016

Irish way Cybersecurity

"What was just a criminal wave just a few years ago has become a global pandemic, described by Ginni Rometty, CEO at IBM, as "the biggest menace to every business in the world". These words are from Pat Larking, CEO at Ward Solutions, in the Whitepaper commissioned by her company  about the degree of knowledge and awareness of Irish business (North and South) to face cybercrime.  

Ireland, of course. The same country which guests some of the biggest IT companies taxes and business centers for well known reasons. With this consideration in mind, it´s not strange that the study has caused a deep impact in some specialized pages because it drops sentences as almost half of this business will not reveal a security breach which could affect third parties, including customers and stakeholders. Something defined by Veracode as "holding your breach as a secret and other auto destructive decisions". This is striking because, nevertheless, one third of survey respondents recognize they hace suffered a security breach last year.

The study took place this year between may and june, reaching 133 high level IT professionals, as well as Ireland based companies decision-makers. Lest there should be any doubt about this "Irish headquarter", clarifies that they are tipically "big companies". Going on with the study, more than half of the questioned companies affirm that security issues have neither grown nor dropped on the last 12 months. Only a 1% dare to say they have fallen, while 3 out of 10 have seen a moderate increase: only a 25% more issues than during the previous 12 months.

Despite the incidents have dropped only marginally, and luckily they don't grow either, and the fact that a third of the companies have suffered a breach on the last year, there are more than a quarter (26%) that have not made any plan to face them in the near future. And almost the same number (23%) say they have no policies o control systems referred to third parties handling data. Not very promising prospects.

However, it will not be caused by the lack of potential investments. Almost half of the consulted professionals assure that the cybersecurity budget will remain intact in the next 12 months, and for the rest it will be increased. In some cases (more than 5%)  it will be a 100% increase, or even more, compared to the previous stage. Thereby implying that, at least, there is an awareness degree for more than half of the boards; and this is indeed the case: almost 6 of every 10 boards have enough awareness of the cybersecurity situation of their companies. Any way, in 3 out of 10 cases the consulted professionals gave the opposite answer, and 1 out of 10 say they don't know. The awareness degree concerning to having a crisis plan in case an incident happens is slightly above: 5 porcentual points more for Yes and 6 less for No.

Talking about data in third parties hands, most of the companies have control systems. With reservations in some cases: 29% don´t realize audits and 14% of them make them only at the start on the jobs.  And there is a non negligible 23% wich do not apply policies or proceedings or controls. If they are questioned about the trust on their data storage by a third party, 3 out of 10 consulted professionals commit fully to this third party, 1 out of 10 don´t trust on them and a remarkable 1% say they don´t know it they can trust in this third party or not.

The study is a recommended reading (and lightweight), and it concludes with a summary and some recommendations:
  • Focus on the basic first.
  • Don't try to reinvent the wheel. 
  • Keep the process evaluate-mitigate-verify-trust-verify again when talking about risks.
  • Close the knowledge and communication gap. 
  • Spend with wisdom. 
  • Implement a holistic cybersecurity model.  
  • Protect, detect, respond and recover.
Besides this study about Irish companies, in the last seven days there are the noteworthy results of a RSA´s study about the overconfidence on perimetral defenses, and a whitepaper made by Vircom which is very tough on Microsoft. 


Post a Comment