A recent survey conducted security firm Ponemon Institute for Canadian solutions technology integrator Scalar Decisions Inc., revealed that only 37 per cent of organizations in the country “believe they are winning the cyber security war.” That’s a decrease of four per cent over the company’s 2015 study.
The Canadian figures are slightly lower than the global figures arrived at by a separate report released by networking gear provider Cisco.
Scalar is in the business of providing IT solutions to customers, but the firm’s study, titled The Cyber Security Readiness of Canadian Organizations, could be a useful document to companies looking to enhance their security posture. The study presents an interesting look into the cyber security mindset of IT decision makers and security teams in Canadian companies and provides some key insights into the real challenges IT teams face in protecting corporate networks and assets. No less than 16,470 IT and IT security practitioners involved in setting goals and managing budgets were queried in the survey.
The report also lists the five key factors that help organizations become better prepared in facing cyber security threats.
The primary challenges cited by the Scalar report as contributing factors were “insufficient numbers of in-house personnel and lack of in-house expertise.”
“IT leaders are feeling less equipped to handle the changing landscape of cybercrime,” according to Ryan Wilson chief technology officer for security at Scalar Decisions. “The year-over-over-year increase in cyberattacks coupled with an increase in their severity and complexity highlights the need for specialized, trained IT professionals with the tools and proficiency to provide effective security to Canada’s companies.”
On average, respondents reported an average of 40 cyber attacks per year, a 17 per cent increase over last year’s report.
Despite the high number of attacks, only 38 per cent of respondents indicated their organization had systems in control to deal with advanced persistent threats (“APTs”).
Overall, the greatest threat to IT networks was reported to be web-borne malware attacks, with 80 per cent pointing to this risk as the most frequent security compromise, followed by rootkits (65 per cent).
The survey found that respondents believe the majority of cyber security crimes are increasing in severity, sophistication (80 per cent), sophistication (71 per cent) and frequency (70 per cent).
The toll brought about by security compromises are also going up.
Loss of intellectual property was experienced by 33 per cent of the organizations surveyed in the last 24 months and 36 per cent believe it caused a loss of competitive advantage. Based on information provided by the respondents, the average cost of cyber attacks in the last 12 months was approximately $7 million per organization.
Cyber security expenditure for 2016 on the other hand, only grew slight to 11 per cent of the annual IT budget from 10 per cent in the previous year.
Scalar said it found a correlation between the confidence of a company on its security posture and how much it spent on IT security.
Scalar divided the respondents into subsets identified as “high performing” and “low performing groups.
“This ‘high performing’ group represented 53 per cent of the sample, and when compared with the ‘low performing’ group, it was found that high performers spend 43 per cent more of their IT budget on information security and were more likely to have their cyber security strategy fully aligned with their organization’s business objectives and mission,” according to Scalar. “Relatedly, high performers were 28 per cent more confident that they are winning the cyber security war.”
High performers tended to have fewer successful cyber attacks (66 per cent vs. 77 per cent for low performers). High performers also said they had fewer situations when cyber attacks evaded their anti-virus solutions.
What does it take to become a member of the “high performing” group?
- The high performing group had a greater awareness of their cyber threat landscape
- Spend more on security
- Measure the ROI of their tech investments
- Have a cyber security strategy that is supportive of business goals
“A strong security posture is dependent on key factors such as awareness of the threat landscape and the collection and analysis of threat intelligence,” added Wilson. “Technologies such as network traffic surveillance and security information and event management, in combination with a full integration of cyber security strategy within business objectives contribute to an effective end-to-end security program and help organizations achieve the highest return on their IT security spend.”
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…