To be successful against a resourceful, well-funded and determined enemy, businesses must change the way they approach digital security.
The cyber-security landscape is clearly heading in the wrong direction. Not only are crooks becoming more aggressive, they're becoming more sophisticated and effective. A new report from BT and KPMG, Taking the Offensive -- Working Together to Disrupt Digital Crime, takes a closer look at this rapidly changing landscape.
While "awareness of the threat has never been higher, the majority of businesses do not comprehend the methods and motivations of the attackers, the scale of the threat or indeed how to counter it," the report noted. Yet, "The fight against digital crime does not have to be a losing battle but to be successful against a resourceful, well-funded and determined enemy, businesses must change the way they approach digital security."
The study of 100 business and IT decision makers from the U.S., U.K., Singapore, India and Australia found that 97 percent of companies have been victims of a digital attack and 89 percent fear assaults by organized crime consortia, yet only 22 percent are fully prepared to deal with future incidents.
The good news? 73 percent of respondents indicated that digital security was on the agenda at board meetings. There's a growing focus on the need for board and C-level support for cyber-security initiatives.
The bad news? 51 percent reported that they have no strategy for dealing with blackmail, 44 percent have no plan for confronting bribery (although 96 percent admit criminal entrepreneurs could be bribing employees), and 47 percent haven't addressed the possibility that someone on their staff could be a plant.
What's more, only 23 percent have insurance to cover the cost of a major incident. And while 71 percent have procedures in place to review the tools and strategies that cyber-criminals use, only 30 percent understand them.
Making matters worse, criminals are finding ways to monetize targets that were beyond their scope, and they're diving deeper into organizations to find susceptible employees who have the authority to initiate the financial and other transactions exploited in phishing, spear-phishing, whaling and other techniques.
All of this translates into a need for business and IT leaders to rethink and rewire their strategies, the report noted. At the center of everything? A need to think beyond simply building perimeters and defending systems. As crooks cast a wider net and tap highly effective social engineering techniques to deliver malware and ransomware, there's a need to gather intelligence and stay informed, think like a criminal, and build out strategies that focus on protecting the most sensitive information.