12 Things You Should Know About Cyber-Defenses

Karen A. Frenkel Avatar

Updated on:

12 Things You Should Know About Cyber-Defenses

Vast Majority of IT Firms VictimizedVast Majority of IT Firms Victimized

96% of IT organizations surveyed experienced “significant” IT security incidents in 2013. Only 33%, however, are “highly confident” that their organizations will improve their less mature security controls.

Threats More Complex and ChallengingThreats More Complex and Challenging

43% of respondents see problem prevention, identification, diagnosis and remediation as more challenging than in 2012. The problem? Increased operational complexity and the current threat landscape.

Multiple Security IncidentsMultiple Security Incidents

17% of organizations had five or more significant security incidents in the past 12 months. 39% had two or more significant incidents.

Top Four Security IncidentsTop Four Security Incidents

The leading security incidents were phishing, compliance policy violations, unsanctioned device and application use and unauthorized data access.

The Most-Cited Security IssuesThe Most-Cited Security Issues

The top five security issues were: Malware and advanced threats, Application and wireless security, Network resource access, Unsanctioned application and personal mobile device use, Data leakage

Control Practices That Need ImprovementControl Practices That Need Improvement

The following five were cited as relatively immature practices: Personal mobile device usage, Perimeter threats, Inventory management and endpoint compliance, Virtualization security, Rogue device and application security

Low Expectations for Adherence to PolicyLow Expectations for Adherence to Policy

61% of respondents cite low to no confidence in adherence to policies concerning network device intelligence, maintaining configuration standards and defenses on devices, and ensuring virtual machine and remote devices.

Malware and APTs Are Top PrioritiesMalware and APTs Are Top Priorities

Malware and advanced persistent threats are leading priorities for all industries and regions, but companies are less likely to invest further resources to reduce perimeter threats.

Significant Compliance Policy ViolationsSignificant Compliance Policy Violations

Compliance policy violations that consumed a lot of time occurred 2.6 times in the last year, on average. More violations occurred in the U.S., compared to the U.K.

Most Prone to Phishing Attacks?Most Prone to Phishing Attacks?

Manufacturing, education, and finance sectors are more prone to phishing, whereas the health-care sector is more likely to suffer from compliance policy violations.

The Problems of Financial InstitutionsThe Problems of Financial Institutions

Overall, financial institutions, compared to other sectors, found problem remediation more challenging. They were also subjected to more phishing attacks, compliance policy violations, unsanctioned application use and data leakage.

The Impact of BYODThe Impact of BYOD

78% of respondents say BYOD is having an impact on governance, risk and compliance. In general, the retail sector is more progressive on BYOD security, but Europeans cite data wiping and encryption as having a higher impact on governance, risk and compliance than others.

Karen A. Frenkel Avatar