Security events declining, but not the impact
Respondents estimated that the number of security events at their company dropped 8.2 percent in the past 12 months, from an average of about 161 to 148 incidents. Despite the drop in the number of events, 68 percent reported that their losses were the same or higher than the previous year. The number of businesses that experienced no losses dropped from 36 percent to 30 percent.
Although the overall number of events declined, the share of events that resulted in loss or damage rose. In the past 12 months, 14 percent of the respondents reported disruption to their own critical systems, up from 10 percent in the prior 12 months. Ten percent reported loss of confidential or proprietary information, a rise from 7 percent previously. Incidents that damaged a company’s reputation and incidents that caused disruption for customers and partners both fell, to 4 percent each.
If you’ve been following cyberattack reports, the types of cybercrime on the rise will not surprise you. Thirty-six percent of respondents say they were impacted by a phishing attack, up from 26 percent the previous year. Ransomware attacks also rose, from 14 percent to 17 percent. Financial fraud jumped to 12 percent from 7 percent.
The State of Cybercrime survey results show that most companies are raising the bar in their efforts to prevent or minimize damage from attacks. The results also reveal that too many companies are not keeping pace with the threat environment or with their peers’ cybersecurity standards. They can catch up by focusing on the following:
- Accept that security is not just an IT issue. More CSOs/CISOs are reporting to boards of directors for a reason: An effective cybersecurity strategy starts at the top and should include all areas of the company. More frequent reporting on security issues to senior management and the formation of a risk committee that includes people from all areas of the company are good first steps.
- Invest in your security staff. This means making sure they have the resources and training to stay atop the latest threats. Participating in organizations that share knowledge of threats and their countermeasures is also important.
- Improve your visibility into threats. Outsider threats were seen as most damaging by 39 percent of the respondents, and once a breach by an outsider occurred, it took an average of about 92 days to detect it. It’s wise, then, to assess the effectiveness of your intrusion detection tools and processes, and to measure how long it actually takes your team to notice and respond to an intrusion.
- Develop an ongoing security awareness training program for employees. Twenty-eight percent of security incidents from insiders were the result of negligence or accident. Considering the rate at which attacks that depend on deception are evolving, employees need regular, ongoing training.
- Evaluate the cybersecurity capability of your supply chain and partners. Cybercriminals often target smaller companies as a way to access the data of the larger companies they do business with because they assume them to be softer targets. Make sure those companies aren’t the weak link in your system.
- Test, test and test again. Only a little more than half the respondents (53 percent) said they had a methodology to test the effectiveness of their security programs. Testing should be a given, and not just once a year. The threat landscape demands commitment to a regular testing schedule.