Wednesday, January 3, 2018

Over and out

Good communication is one of the basic pillars of a company and, although it seems simple, it is often difficult to achieve. There are studies that claim that a large percentage of business problems are the result of poor communication. New technologies and IoT devices have arrived at most companies, but as the level of connectivity between the members of the organization increases, the attack surface grows as well.

According to the latest edition of EY's "Global Information Security Survey," most security leaders feel they are more at risk today than they were 12 months ago. It is estimated that the global cost of cybersecurity breaches will reach 6 trillion dollars in 2021. Given this figure, communication might seem to be one of a company's minor concerns, but many of the current problems in the world of cybersecurity are due to information stagnating at some point in the chain of command.

This study surveyed the chief information officers (CIOs), chief information security officers (CISOs) and other executives of 1,200 organizations around the world. More than 50 percent of the responses to the survey came from small and medium organizations with fewer than 2,000 employees. Although the five main sectors of respondents were banking and capital markets, consumer products and retail, government, insurance, and technology, other sectors were also included, such as health, energy and public services, and real estate.

While cybersecurity is becoming a topic of regular discussion in the boardroom, the frequency and quality of interactions between security leaders and directors are key factors in determining the availability and "cyber-resistance" of the organization. Considering how much of our lives and businesses depends on technology, it is not a good omen that only 4% of organizations confirm that they have "fully considered" the implications of cybersecurity for their business decisions.

When it comes to the preparedness of the senior ranks of the company, the findings of this study were mixed. While 24% of the organizations said that the CISO or equivalent is on the board at the time of decision-making, only 50% of CISOs regularly report to management positions, and 63% have the security department report to the company's IT department. More worrisome is that 43% of respondents said they lack a communication strategy or plan to respond to an attack.

Another alarming fact is that, according to the survey, 75% of respondents rated the maturity of their vulnerability identification as very low to moderate. This figure is significant because, although cyber risks are not just a problem for the IT department, many attack vectors depend on that department's weaknesses and vulnerabilities. That is why it is more important than ever for the organization to look at the effectiveness of its controls and the general maturity of its cybersecurity activities.

Many organizations are concerned about their legacy systems, with 46% of security leaders listing obsolete security controls or architecture as one of the two main factors that increase their exposure to risk. In terms of threats, the top two were malware and phishing. Meanwhile, somewhat surprisingly, 35% of respondents described their data protection policies as "ad hoc or non-existent".

Although the results of the survey show dark clouds, the good news is that the solutions to the problems mentioned above are within reach of any company. These solutions are based on working on the basics: for most organizations, it is essential to focus on simple controls such as the periodic application of patches and the testing of incident response plans. Because in the end, whoever wants to can protect themselves.

