Awareness of a potential attack is sky high, and more organizations are now making moves to ensure they have solid plans and strategies in place, a new report found.
Fifty-six percent of those surveyed are now making or planning to make changes to their strategies and plans due to the increased impact of cyber threats, risks and vulnerabilities, according to an EY survey of nearly 1,200 C-level leaders of the world’s largest and most recognized organizations.
The rapid acceleration of connectivity within their global organizations – fueled by the growth of the Internet of Things (IoT) – introduced new vulnerabilities for attackers to leverage.
The report found hacks carried out by unsophisticated, individual attackers successfully exploited vulnerabilities organizations were aware of, but did not ward off. That showed a lack of rigor in adhering to a plan.
“The most successful recent cyber attacks employed common methods that leveraged known vulnerabilities of organizations,” said Paul van Kessel, EY global advisory cybersecurity leader in a post. “Also, the increasing hyper-connectivity and waves of new technology, while creating huge opportunities, introduces new risks and vulnerabilities across the organization. Therefore, as organizations transform into the digital age, they must examine their digital ecosystem from every angle to protect their businesses today, tomorrow and far into the future.”
In addition, most organizations continue to increase their spending on cybersecurity, with more than 90 percent of respondents saying they expect higher budgets this year. With mounting cyber threats demanding a more robust response, 87 percent said they require up to 50 percent more funding. However, only 12 percent expect to receive an increase of more than 25 percent this year.
On top of that, 76 percent of respondents said the discovery of a breach that caused harm is most likely to trigger the increased allocation of budgets. By contrast, 64 percent said an attack that did not appear to have caused any harm would be unlikely to prompt an increase in cybersecurity budget, despite the reality that harm caused by a cyber attack may not be immediately obvious.
Careless or unaware employees are seen as the most significant increasing vulnerability to organizations’ security (60 percent compared to 55 percent in 2016). When it comes to the most likely source of attack, 77 percent considered careless members of staff as the most likely source, followed by criminal syndicates (56 percent) and malicious employees (47 percent).
When fighting back against an advanced attack, many organizations have serious concerns about the level of sophistication of their current cybersecurity systems. Seventy-five percent of respondents rate the maturity of their vulnerability identification as “very low to moderate.” A further 12 percent said they have no formal breach detection program in place, while 35 percent describe their data protection policies as ad-hoc or non-existent, and 38 percent either have no identity and access program or have not formally agreed to such a program.
“We believe that in the future businesses will collaborate and work with each other to share knowledge to help increase cyber resiliency,” Van Kessel said. “It is imperative, therefore, that organizations move beyond thinking about cybersecurity as an IT issue, and focus on good cybersecurity governance and security-by-design.”