research Archives - Page 13 of 13 - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

research

Less than half of firms detect a cyber breach within an hour

 960 640 Stuart O'Brien
By:
0
0

A recent report by security intelligence firm LogRhythm has revealed that less than half of the organisations it monitored was able to detect a cyber security breach within an hour.

The research study, ‘Cybersecurity: Perceptions & Practices’, also found that less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour.

The study, conducted by Widmeyer, which surveyed 751 IT decision makers from the US, UK and Asia/Pacific, also revealed that a majority of organisations are only moderately confident in their ability to protect their companies against hackers.

“Cyber threats continue to grow in volume and intensity. Seemingly every month, another massive security breach dominates the headlines,” said Matt Winter, VP of Marketing and Business Development at LogRhythm. “To combat these threats, organizations need to carefully plan their budgets and strategies, while developing effective programs that tackle specific threats and keep them one step ahead of cyberattackers.”

The Current State of Security Maturity

Many companies are focused on growing their security maturity, and team size is an important indicator. The survey revealed that, on average, companies employ 12 cybersecurity professionals in their organization. However, more than half of the respondents said that they employ 10 orfewer professionals on their teams.

Special threat detection programs are another indicator of security maturity. This study found that most decision makers—more than 70 percent of respondents—have programs in place to detect specific threats, such as ransomware, insider or employee threats, and denial of service attacks. The vast majority of IT decision makers—95 percent—also use security software to prevent and react to threats. And more than a quarter deploy at least 10 security software solutions to manage security threats.

Level of Security Confidence

When it comes to confidence levels, about half of security decision makers believe that a determined hacker can still breach their organization. In fact, over one-third reported that their company has experienced a breach in the past year—ranging from 29 percent in the United States to 39 percent in the Asia-Pacific region.

When specifically asked about level of confidence, these decision makers revealed that they have only moderately positive confidence in their cybersecurity measures and abilities—suggesting an attitude that is more hopeful than truly confident.

Similarly, most IT executives—over 60 percent—are only somewhat confident that their security software can detect all major breaches. Likewise, they are only moderately confident that they can protect their companies from hackers.

In addition, the level of confidence in one’s security is also swayed by other variables, such as the implementation of programs that target specific types of threats. For instance, decision makers who did not report having programs to protect against threats such as ransomware, insider threats, and service denial attacks are less confident in their security programs. Unsurprisingly, that same segment reported slower rates of detection, response, and containment.

Ability to Respond to Cyberthreats

There are many factors that enable a security team to quickly detect and respond to an incident, including technology, process, programs, and people. When it comes to technology, a strong majority (nearly 80 percent) of IT executives said that a platform for security management, analysis, and response is beneficial—though only about a third rate such a platform as very beneficial. This response may reinforce the notion that true security confidence cannot be created with technology alone.

When asked to consider how their organization is operating from a Threat Lifecycle Management perspective—as an approach that includes discovery, qualification, neutralization and recovery from cyberattacks—IT executives were not overly optimistic. About a third of all respondents reported that they need help at virtually all stages in the TLM workflow, especially detecting, investigating, neutralizing, and recovering from cyberthreats.

Cybersecurity Funding

Security organizations need adequate funding to effectively fight cybercrime. However, the study found that the percentage of resources allocated to cybersecurity from the overall IT budget is often on the low side. Overall, one-third of executives allocate 10 percent or less of their IT budget to security. Regionally, the U.S. had the lowest rate, and Asia-Pacific the highest.

When asked about their comfort level with security funding, 57% of IT executives indicated they are moderately comfortable with their companies’ level of security funding; however, nearly a quarter said they are not comfortable. From a regional perspective, executives in the United States were less likely to think the level of their security funding is appropriate.

The full results of the survey can be found here https://logrhythm.com/cybersecurity-perceptions-practices-survey-white-paper/

50% of UK manufacturers affected by hacks

 960 640 Stuart O'Brien
By:
0
0

Nearly a half of UK manufacturers have been the victim of cyber crime, with the sector now the third most targeted for attack, according to a new report.

The report, published by EEF and AIG and carried out by The Royal United Services Institute (RUSI), pinpoints the susceptibility of manufacturers to cyber risk, revealing that 41 per cent of companies do not believe they have access to enough information to even assess their true cyber risk. And 45 per cent feel that they do not have access to the right tools for the job.

Cyber threat is holding back companies from investing in digital technologies, reveals the research, with a third of those surveyed nervous of digital improvement. Moreover, a worryingly large 12 per cent of manufacturers admit they have no technical or managerial processes in place to even start assessing the real risk.

The report highlights that one of the easiest forms of cyber attack comes through poorly protected office systems, often the first implemented historically within manufacturing businesses. The report looks at a number of real-life examples, including two where production systems were infiltrated and severely disrupted after hackers gained access to their IT systems by initially hacking into unprotected office software, used to keep HR and admin records.

“A comprehensive approach to cyber security is not something that manufacturers can afford to ignore – with the sector now the third most targeted for attack. Only Government systems and finance are more vulnerable, yet manufacturing is amongst the least protected against cyber-crime,” said Stephen Phipson CBE, Chief Executive at EEF.

“The 4th Industrial Revolution represents an unprecedented opportunity through interconnectivity. But that very openness brings with it increased risk. Cyber-vulnerability is a major barrier to business and growth; threatening loss of data, theft of capital and intellectual property, disruption to business, and impact on trading reputation.

“Manufacturers must urgently take appropriate steps to protect themselves. Our sector is already a significant target for malicious activity in cyberspace, which impacts businesses in a variety of ways. Increasing digitisation means that the challenge is likely to both broaden and deepen.”

Click here to read the full report.

NEW REPORT: 58% of organizations have more than 100,000 folders open to all employees

 960 640 Stuart O'Brien
By:
0
0

By Varonis

Like a wardrobe malfunction during a live broadcast, no one wants to be overexposed – especially when it comes to your data.

The surprising truth: most companies go about their business blithely unaware that some of their most sensitive data is wide open. And by “some” we mean a lot. In fact, our latest research shows that 41% of organizations had at least 1,000 sensitive files open to all employees.

As we know, it only takes one leaked file to cause a headline-making data breach. We’ve seen how one unpatched server can lead to a disaster; a single “unpatched” folder filled with sensitive files can be just as disastrous — and it doesn’t take an expert or sophisticated code to exploit it.

That’s where Varonis Data Risk Assessments come in. Every year, Varonis conducts thousands of risk assessments for companies around the globe. Using the Varonis Data Security Platform (DSP), we identify where sensitive and regulated data resides, show what’s overexposed and vulnerable, and provide actionable recommendations to increase your data security posture.

Think of a Data Risk Assessment as a reality check on your data – that friend who tells you you’ve got a button undone. And they’re free (but more on that later).

Click here to continue reading…

GDPR

Good news everyone! ‘72% of organisations worldwide are GDPR ready’

 960 640 Stuart O'Brien
By:
0
1

An EfficientIP X-Day study says average global spend on GDPR compliance tops $1.5 million, with less than 100 days to go before the deadline for EU GDPR compliance on 25th May this year.

EfficientIP, through independent market research firm Coleman Parkes, asked over 1,000 companies worldwide about their preparation plans for GDPR. Among the key findings were:

  • Over two-thirds of global businesses at 72% are confident they will have all required GDPR compliance processes in place by 25th May 2018.
  • North America is the most confident region in world, with American and Canadian organisations saying they will be prepared at 84% and 75% respectively.
  • Despite the on-going Brexit negotiations and uncertainty looming over the enforcement and effectiveness of the EU GDPR regulation on local businesses, the UK is the most confident nation in Europe, with 74% saying they will be ready by deadline day.
  • In comparison, Spanish businesses are a close second to the UK at 73%, dropping to 66% of French respondents. German organisations are the least confident in Europe at 61%.

Businesses worldwide believe there will be a variety of benefits they will gain from being GDPR compliant. Nearly half of all organisations surveyed, at 46%, say the most important benefit from being GDPR compliant is gaining customer trust to handle sensitive data.

31% of businesses believe the most important value from compliance is enhanced brand awareness. 18% of respondents felt GDPR compliance will increase customer loyalty is the most important benefit.

APAC, North America and Europe businesses believe the biggest positive impact from compliance is increased trust in handling customer data at 53%, 46% and 41% respectively.

European organisations lead the study in saying increased customer loyalty is the biggest impact at 22%, with North America and APAC following respectively at 15%, 14%.

On average, global organisations have so far spent $1,583,000 (£1,145,000) on GDPR compliance. Globally, European businesses have spent the most on average on compliance with Germany leading at $1,969,000 (£1,424,000), followed by the UK with $1,798,000 (£1,300,000), with France completing the top three at $1,781,000 (£1,288,000).

USA and Singapore tops regional spending in North America and APAC, investing $1,568,000 (£1,134,000) and $1,521,000 (£1,100,000) respectively on average. Small and Medium Business have spent on average $1,263,000 (£893,000) so far on compliance, whereas large businesses have spent up to $5 (£3.5) million on compliance.

A key element in EU GDPR is for businesses to provide adequate data protection. In response to this regulatory requirement, 38% of global organisations are convinced that better monitoring and analysis of DNS traffic is the best option to provide data protection in their networks, whilst 35% think securing network endpoints is best and only 21% choose to add more firewalls.

EfficientIP says this shows organisations are finally realising, after the various successful data breaches over the last year, that firewall technology is no longer adequate.

APAC, North America and European organisations are confident in DNS monitoring and analysis technology at 40%, 37% and 36% respectively.

Commenting on the study figures, Herve Dhelin, SVP Strategy at EfficientIP, said: “As organisations enter the final straight of GDPR compliance with 100 days to go, our research shows they have never been so close to regulatory compliance. There is still some work to do, but it is encouraging to see nearly three-quarters of businesses are ready and most organisations see monitoring and analysis of DNS traffic, not firewalls nor endpoints, is the best way of preventing data breaches.”

Managed detection and response market worth $1.6bn by 2022

 960 640 Stuart O'Brien
By:
0
0

The major forces driving the growth of the Managed Detection and Response Market include the increase in the enterprise targeted cyber-attacks, shortage of cybersecurity practitioners, and need for compliance to various government regulations.

That’s according to a new report from MarketsAndMarkets, which predicts the market size is expected will grow from $419.7 million in 2017 to $1,658 million by 2022, equivalent to a Compound Annual Growth Rate (CAGR) of 31.6% during the forecast period.

Moreover, the report says technological advancement and increasing adoption of technologies such as Internet of Things (IoT) across various end-use applications are some of the other factors that are driving the market growth.

The endpoint security type segment is expected to hold the largest market share in the Managed Detection and Response Market during the forecast period.

Endpoints are usually network devices, such as servers, desktops, laptops, smartphones, tablets, and Point of Sale (POS) connected remotely to an enterprise server, making them vulnerable and creating an entry point for potential cyber threats.

Endpoint security type MDR services provide real-time control, visibility, and analytics of endpoints deployed across an organisation. Vendors are offering advanced endpoint MDR services that leverage technologies such as Artificial Intelligence (AI) and machine learning, to proactively detect attacks, malicious activities, and respond to them before they undesirably affect the enterprises’ business operations.

The cloud security type segment is expected to gain traction and grow at the highest CAGR, owing to the rising adoption of cloud computing across enterprises of different sizes and the increasing security vulnerabilities arising out of it.

IoT projects held back by security concerns

 960 640 Stuart O'Brien
By:
0
0

The majority (94%) of IT professionals from organisations that are undertaking Internet of Things (IoT) initiatives say they need to invest in it over the next 12 months in order to stay competitive – but they are facing significant barriers to adoption.

These obstacles include security concerns, the cost of implementation and commitment from the company’s leadership.

The findings are part of a major new report released by the Wi-SUN Alliance, a global association driving the proliferation of interoperable wireless solutions for use in smart cities, smart grids and Industrial IoT applications.

The research, which looks at attitudes to IoT, including the drivers, barriers, challenges and benefits, surveyed 350 IT decision makers in the UK, US, Sweden and Denmark. While all respondents come from organisations that are investing in at least one IoT initiative, just over half (51%) report that they have a fully implemented IoT strategy in place, while more than a third (36%) have one being rolled out. While enabling IoT is the second most important IT priority for the next 12 months, only just behind improving security, almost all respondents (90%) have struggled to implement a plan, with over a third (36%) saying they find it “very or extremely difficult”.

Security tops the list of major concerns, holding back nearly six in ten (59%), while cost of implementation is also a barrier, delaying around half (46%). More worrying is that, while 42% say that creating efficiencies for the business is an important driver to implementing IoT initiatives and 37% say the same for reducing operational costs, getting access to funding for projects is a problem, with a third (32%) admitting this is a barrier. The same amount struggle because of reluctance by senior executives in the organisation to commit to IoT projects.

As well as barriers, the research also highlights technical challenges that organisations are facing when delivering on IoT initiatives and processes. Security and safety tops the list at 63%, while data management (46%), network configuration (41%) and recruiting the right IoT skills and resources (39%) are also seen as technical challenges.

For implementation of smart city and smart utility solutions, proven security with multi-layer protection and continuous monitoring is considered ‘absolutely crucial’ for around half of respondents, while industry-wide open standards are also crucial (45% and 43% respectively).

The benefits of IoT are also widely recognised, with the majority of respondents citing better business efficiency (54%), improved customer experience (49%) or better collaboration (48%). Nearly half (45%) have seen lower costs and 41% higher customer satisfaction.

According to the Wi-SUN research, when organisations are evaluating which IoT technology to move forward with, 58% look for network topology and coverage, while communications performance (53%), industry standards support (52%), and power efficiency (50%) are also sought after. Around half look for reliability (47%) or scalability (44%).

“When it comes to the design, development and implementation of IoT projects, especially around smart cities and smart utilities, there are a number of issues that organisations are having to contend with and security is proving to be a particularly significant barrier,” according to Phil Beecher, President and CEO, Wi-SUN Alliance.

“The research highlights that more education is needed: there are many network options, but not all provide the features necessary for large-scale outdoor networks, as required by smart cities or utilities. For instance, unlike tower-based networks, such as LoRa, SigFox, Ingenu and NB-IOT, Wi-SUN Field Area Network (FAN) specifies a wireless mesh network, which not only supports higher data rates and bi-directional data transmission, but can also provide complete coverage with greater resilience and reliability. Wi-SUN FAN networks are also highly secure as only “vetted” devices can join the network, preventing compromised devices from causing disruption of essential services that may include public safety. It is essential that organisations understand the level of security and the associated risks provided by different network solutions, and choose the very highest security levels available for their IoT networks.”

Funding

Global cyber security market worth $181.77 billion by 2021

 960 640 Stuart O'Brien
By:
0
0

Zion Market Research predicts that the global cyber security market will grow at a CAGR of 9.5% between 2016 and 2021.

That equivalent to a total market value of $181.77 billion by the end of the forecast period, up from $105.45 billion in 2015.

Zion says the major driving factor for the global cyber security market is increasing the stringency of government regulations and growing cyber threats, with demand for integrated cyber solutions another key factor anticipated to drive the market growth in the years to come.

Furthermore, rising severity of cyber-crimes, the popularity of cloud security, rapid adoption of cloud computing, data centre, and wireless communication are expected to boost the cyber security market in the near future.

Based on security types, Zion says network security was the leading segment of the market, accounting for more than 40% of overall revenue in 2015.

North America dominated the cyber security market in 2015, due mainly to the rapid adoption of cloud computing, strict rules put in place by government and emerging cyber threats.

Europe was the second player in 2015, owing to rising number of mobile workforces, adoption of cloud-based services and broad opportunity for cyber vendors in the market. Europe is expected to remain relatively stable over the forecast period.

Latin America expected to be the future market for the cyber security, showing huge development in the next five years. Brazil is seen as the business sector with the most potential for growth.

Finally, Asia Pacific is expected to show rapid growth, primarily due to increase in cyber crime and demand for cyber security solutions and products in emerging economies.

Technavio

Global cyber security market to grow 13% by 2021

 960 640 Stuart O'Brien
By:
0
0

The global cyber security market will grow at a CAGR of almost 13 per cent during 2017-2021, according to a new report from Technavio.

The study covers the present scenario and growth prospects of the global cyber security market across the forecast period.

Clearly, with the increase in the number of attacks and threats from hackers, the need for advanced security solutions is growing rapidly.

But Technavio says the major reason for its high growth forecast is the introduction of cyber detection technology, which is an advanced form of cyber security that has the capability to identify and mitigate an attack from its inception through four stages: network level, application level, data level, and endpoint level.

Specifically, Technavio analysts highlighted the following three factors that are contributing to the growth of the global cyber security market:

  • Increase in use of mobile devices
  • Implementing firewall as a disruptive deception capability
  • Increasing IT security budget

Amrita Choudhury, a lead IT security research analyst at Technavio, said: “With companies expanding across regions, there is an increased need for the exchange of global data and information. The global expansion of business has given a significant rise to employees traveling worldwide. This has resulted in an increase in services offering security and access to secure networks from mobile devices.”

UK Cyber Attacks

Cisco White Paper: Organisations must disrupt cyber attacks

 960 640 Stuart O'Brien
By:
0
0

Cisco and Dimension Data have published a white paper that provides organisations with a framework for ransomware defence.

Called Ransomware: The Pervasive Business Disruptor, the paper looks at ransomware trends and impacts, and how to respond before a threat becomes a business disruptor.

According to a Cisco 2017 Mid-Year Cyber Security Report, ransomware is one of the main threats to digital business. Globally, around 49 per cent of businesses experienced at least one cyber ransom attack in 2016, and of those, 39 per cent were ransomware attacks.

In the US alone, the number of attacks rose 300% from 2015 to 2016.

The whitepaper says this trend can be attributed to the growth of ransomware-as-a-service (RaaS) in the first half of 2017, where cyber criminals pay the operators of RaaS platforms to launch attacks.

“The escalation in ransomware attacks in the digital economy makes every organisation a target,” said Matthew Gyde, Group Executive – Security. “This risk escalated when cryptocurrency and bitcoin became a common avenue for ransom payment. That’s because cybercriminals cannot be traced. And as more employees work remotely on personal devices, the risk is further compounded.”

Deep threat Intelligence and research are key to outsmarting cybercriminals, and a critical success factor is to disrupt the attack before it becomes the business disruptor,” Gyde explained. “But security controls alone are not sufficient to address a ransomware threat, and organisations need to adopt a multi-layered approach to stop the cyber kill chain. This means identifying emerging threats before an attack, quick detection, a swift response to an attack, all the way through to the backup and recovery process.”

The ransomware white paper includes a five-point framework for organisations to adopt to defend against a ransomware attack:

  • Predict and be informed before the attack occurs: Proactively research what’s discussed on the dark web, new exploits that will be used, and industries or companies that will be targeted.
  • Protect: Identity and access management (IAM) tools are essential to protecting enterprise devices and computing assets. Network access control (NAC) ensures that only devices that have the adequate security settings and adhere to IT security policies are able to access corporate systems.
  • Detect: Technologies should be in place to detect anomalies in the infrastructure, in the event that malware has infiltrated the endpoints or network. The network must be monitored to check for indicators of compromise. Turning on AI-enabled malicious traffic detection, can also help automate detection swiftly before the attack worsens.
  • Respond: When a ransomware incident has been detected, security experts must work fast to block malicious communication channels at the firewall or IPS, and quarantine infected machines.
  • Recover: Backup is a critical part of the strategy for fast recovery. In addition, the backup system needs to prevent the replication of files that were maliciously encrypted by ransomware. This can be achieved with dynamic segmentation and inherent security features.

Click here to read Ransomware: The Pervasive Business Disruptor white paper.

Wannacry

BT and KPMG pinpoint corporate cyber security traps

 960 640 Stuart O'Brien
By:
0
0

BT and KPMG have published a new cyber security report offering practical advice to businesses of all sizes on how best to manage their security journey and turn it into a business opportunity.

The new report, “The cyber security journey – from denial to opportunity”, warns businesses against falling into dangerous traps as they deal with the complexity of securing a digital enterprise. These include being stuck in ‘Denial’ and ‘Worry’ phases at one end of the spectrum, and ‘False Confidence’ and ‘Hard Lessons’ at the other end.

While the report stresses that investment in technology such as firewalls and antivirus protection is essential ‘good housekeeping’ practice at the start of the security journey, firms should avoid throwing money away on IT security products as a knee-jerk reaction. This is especially true for companies who have matured from the stage of denial into the stage of constant worry, where investing in the latest technology can be viewed as the silver bullet to the problem. This common mistake can make such firms a target, not just for cyber criminals, but also for over-zealous IT salespeople.

Businesses must first assess their current controls against best practice, such as the guidance issued by the UK’s National Cyber Security Centre (NCSC), to help identify any gaps and prioritise essential areas in which to invest. Furthermore, everyone in the organisation, from the board down, must take responsibility for maintaining high standards of cyber hygiene, while businesses must invest in training and raise awareness amongst staff. This can help turn employees from the weakest point in any security chain into every company’s greatest asset in the fight to protect data.

Mark Hughes, CEO, BT Security, said: “The global scale of the recent ransomware attacks showed the astonishing speed at which even the most unsophisticated of attacks can spread around the world. Many organisations could have avoided these attacks by maintaining better standards of cyber hygiene and getting the basics right. These global incidents remind us that every business today – from the smallest sole trader through to SMEs and large multinational corporations – needs to get to grips with managing the security of their IT estate, as well as their people and processes.

“Our report aims to help secure the digital enterprise by navigating businesses through their cyber security journey. By sharing valuable insights from senior IT security leaders, we hope to help businesses of all sizes transform cyber security from operational risk into a business opportunity.”

David Ferbrache, Technical Director in KPMG’s cyber security practice, said: “The recent spate of cyber-attacks is keeping cyber risk at the top of the business agenda, and as such investments are being made. The business community needs to avoid knee-jerk reactions as cyber security is a journey – not a one size fits all issue, and getting the basics like patching and back-ups right matters. It’s important to build a security culture, raise awareness amongst staff, and remember that security needs to enable business, not prevent it.

“Cyber threats are evolving and businesses face ruthless criminal entrepreneurs. The solution isn’t jargon ridden technology silver bullets but one that involves a community effort in a world where business boundaries are vanishing. With criminals getting increasingly creative about finding the weakest link, the CISOs of the future need to care about digital risk, help the business seize opportunities and build cyber resilience.”

Although cyber security issues are increasingly discussed at board level today, the report claims that those discussions are too infrequent and are treated as a separate and disconnected issue from broader operational risk. All too often, the issue of cyber security is not incorporated into the overarching business strategy.

The paper also argues that overly complex IT architecture can worsen security gaps. This is especially the case if the technology deployed is too difficult to use or there’s a lack of integration.

In order to address these risks and gain true leadership in cyber security, the report calls on firms to focus on good governance processes, the proper integration of technologies and to consider outsourcing some less critical aspects of their security to a trusted partner. This, combined with the sharing of intelligence, good practice and hard-won lessons among a network of peers and beyond would put the company in a position to think about cyber security differently. Namely, not as a risk which is discussed by the board perhaps twice a year, but as a business opportunity and enabler for digital transformation.