Information knows no borders; no single entity, company, organization, or government can guarantee or protect it. From South Korea to Saudi Arabia to the United States, there have been recent attacks that cross numerous sectors, affecting government agencies, media companies as well as oil and gas companies. In the past year, we’ve also seen numerous denial-of-service (DoS) attacks on financial institutions.
The status quo methods of maintaining cyber security just aren’t up to the task. It’s time to make investments to help detect attacks before they occur, while at the same time dedicating personnel and resources to create detailed plans of response to put into action when breeches do occur — because they will.
This is cyber resiliency in action, not mere cyber security. Building cyber resiliency requires far greater cooperation between the public and private sectors and among business partners, and much greater awareness by everyone from front-line employees to those in the C-level suites.
Think your organization is ready for a cyber attack? That you understand all the risks it’s exposed to, and that you have a plan in place to deal with them and bounce back? If so, you’re not alone. In fact, 88 percent of the 120 companies surveyed in the Deloitte 2013 Technology, Media and Telecommunications Global Security Study (TMT) believe they can prevent cyber-attacks, 68 percent claim to recognize the risks they face, and 62 percent think they have a plan in place to deal with them once they occur.
If you’re anything like the organizations we examined you might be over-confident. Among those we examined — the same companies that claimed to understand cyber threats and were prepared for an attack — most also reported a security breach of high or medium impact in the preceding year. And that’s just what the organizations were aware of.
Like the organizations we surveyed, yours might be more susceptible to cyber threats than you suspect. Make no mistake: you are vulnerable. There’s simply no framework that can provide total security in an environment where mobile devices mingle personal and professional information, where data is stored off-site, where information is shared with perhaps hundreds of third-party companies, and where persistent hacktivists can team up and put your systems in their crosshairs.
Mobile devices and cloud computing — the very technologies that are changing and improving the ways we do business — are at the same time making it much more difficult to keep information secure. Though many organizations may be aware of the risks brought about by these new technologies, some seem to be choosing the convenience and productivity they offer over security.
IA great number of respondents indicated they have joined the cloud computing crowd: 39 percent of all organizations surveyed do so, and within media companies, that figure rises to 61 percent. However, while it has become more widely acceptable to even store mission critical data on the cloud, companies need to ensure they are more effectively managing that risk.
Regardless of an organization’s size or industry, the greatest perceived threat to information security comes from third-party involvement. We found that a whopping 92 percent of large firms felt an average or high level of threat from third parties.
Despite recognizing the gravity and likelihood of third-party breaches, not all TMT organizations have taken steps to mitigate these risks. When asked whether they’ve broached the subject of cyber-awareness with partners and suppliers, only a third replied that they’d actively sought to increase awareness among those they do business with.
Limited funds stand in the way of many organizations that are seeking solutions. Almost half of the respondents identified their security budgets — or lack thereof — as hindering their progress. They pointed out that while cyber threats are growing both in numbers and in complexity, their budgets haven’t grown proportionately, if they’ve grown at all. Businesses must reevaluate and give a greater priority to securing their digital assets.