Think Information. Think Security.
Many enterprises around the world think they are prepared for cyber attacks but the reality is that any organisation is at risk of a security breach, consulting firm Deloitte has warned.

Deloitte released the results from its sixth annual global Cyber Security Survey which was conducted with 121 technology, media and telecommunications companies. Fifteen percent of the participants were from the Asia Pacific region.

The survey found that 88 percent of executives who took part did not see their company as vulnerable. In addition, 60 percent of participants rated their ability to respond to newly developed threats as either average or high.

According to Deloitte technology risk leader Dean Kingsley, this attitude needed to change as most passwords can be cracked in five hours. 

"Businesses need to assume a breach will happen and prepare accordingly by shifting from pure prevention to detection and response planning," he said in a statement.

Despite the confident attitudes expressed by executives, the survey results also found that 59 percent of participants had experienced a security breach in 2012 while 78 percent cited breaches at third parties as one of their top three threats and only 30 percent of respondents believed that the third party organisations they work with are taking enough responsibility for cyber security.

Mobile and bring your own device (BYOD) were also cited as challenges to IT security teams with 74 percent of executives ranking it as their second biggest risk. However, only 52 percent said they had specific BYOD policies in place and 10 percent did not address mobile security risks at all.

According to Deloitte Australia national security and resilience lead Tommy Viljoen, hacktivisim was referred to in the survey for the first time with 63 percent rating it as a “major concern.”

“Recognising the threat of hacktivisim, organisations are starting to gather intelligence relating to it and other types of cyber crime incidents.”

Over 50 percent of executives stated that they collect general information about hacktivism while 40 percent collect information about attacks specifically targeting their organisation, industry, brand or customers.

Cross-posted from: Computer World

Leave a Reply.