49% of CIO’s feel a budget constraint is the main obstacle or reason that challenge Information Security(IS) operations followed by lack of skilled labor, says EY’s Global Information Security Survey 2015 titled ‘Creating trust in the digital world’.
The responses from more than 200 Indian organizations examine some of the most important cybersecurity issues facing businesses today and finds that 65% believe their information security structure partially meets their organization’s needs. When it comes to IT security budgets, only 18% say that their budgets should be increased by up to 25% to align their organization’s need for protection with its management’s tolerance for risk.
The most likely sources of cyber-attacks: hacktivists 70%) and criminal syndicates (55%) have retained their top rankings with lone wolf hacker (42%) and state sponsored attacks (32%) closing in.
Burgess Cooper, Partner – Information & Cybersecurity, EY, says, ‘the digital age and inherent connectivity of people, devices and organization have opened up a whole new playing field of vulnerabilities. As old sources of cyber threats evolve, new sources are emerging to add to the complexities for organization’.
Cybersecurity is not an inhibitor in the digital world; rather it is the way to make the digital world fully operational and sustainable. Cybersecurity is the key to unlocking innovation and expansion, and a tailored organization and risk-centric approach to cybersecurity will adjust the balance of the digital world back towards sustainability and safety, to better protect your organization and create trust in your brand, adds Burgess.
The survey found that organizations currently feel moderately vulnerable to attacks arising from unaware employees (48%). This is due to more organizations encouraging the ‘Bring Your Own Device’ policy. 26% percent of organizations are completely unaware of threats, and process failures that led to their most significant cyber breaches in the year gone by. However only 15% of the organizations feel more threatened today by phishing and malware, while 12% blame their poorly secured internet-facing systems and applications.
The survey also finds that organizations are now better prepared in averting a cyber-attack due to emerging technologies and trends. 59% say they have a dedicated function that focuses on emerging technology and its impact. 31% believe that their Security Operations Center (SOC) is tightly integrated, meeting the heads of businesses operations regularly to understand business concerns and risks. 30% take an average of one hour for their SOC to initiate and investigate on a discovered / alerted incidents.
However, 41% of the organizations still do not have a security operations center, while 61% outsource their vulnerability assessment – information security function. Almost half (49%) said that budget constraints and lack of skilled resources (47%) impact the contribution and value that information security function provides to the organization, indicating that the situation is deteriorating, rather than improving.
65% respondents believe Information Security partially meets their organizational needs and improvement is underway.
55% respondents see criminal syndicates as the most likely source of an attack today.47% respondents say that lack of skilled resources is challenging information security’s contribution and value to the organization.57% respondents spend less than INR 65 lacs on information security (people, process & technology).73% business continuity/disaster recovery resilience tops the list of areas concerning the organization
62% of the organizations believe that poor user awareness and behavior is the tone of the major risks associated with growing use of mobile devices by their employees. More than half (55%) say that loss of a single smart device not only means loss of information, but also increasingly leads to a loss of identity.
43% of the organizations do not have a formalized requirement for using big data while addressing its privacy obligations.
41% of the organizations interact with customers via social media and 50% of them do not have formalized requirements for using social media for commercial purposes while addressing its privacy obligations.
Nitin Bhatt, Partner & Leader-Risk Practice, EY, says, “Cybersecurity is the key to unlocking innovation and expansion, and by adopting a tailored organization and risk-centric approach to cybersecurity it will allow organizations to re-focus on opportunity and exploration. Building trust in a business that operates successfully within the internet of things (IoT) and that fully supports and protects the individual and their personal mobile devices (from a simple phone to a healthcare device, from smart appliances to smart cars) will be a key competitive differentiator and must be a priority.”
By acting now it is possible to adjust the balance of the digital world back towards sustainability and safety, to better protect your organization and create trust in your brand.
.