Is unawareness abetting cyber-security gaps for CIOs?

MUMBAI, INDIA:  There are organizations around who currently feel moderately vulnerable to attacks arising from unaware employees (48 per cent, as a recent survey indicates) and this is due to more organizations encouraging the ‘Bring Your Own Device’ policy.

That said, some 26 per cent percent of organizations are completely unaware of threats, and process failures that led to their most significant cyber breaches in the year gone by.

When it comes to IT security budgets, only 18 per cent CIOs opine that their budgets should be increased by up to 25 per cent to align their organization’s need for protection with its management’s tolerance for risk. But about 49 per cent of CIO’s feel a budget constraint is the main obstacle or reason that challenge Information Security operations followed by lack of skilled labor.

As per the EY’s Global Information Security Survey 2015 titled ‘Creating trust in the digital world’ which covered more than 200 Indian organizations 65 per cent believe their information security structure partially meets their organization’s needs.

The most likely sources of cyber-attacks: hacktivists 70 per cent) and criminal syndicates (55 per cent) have retained their top rankings with lone wolf hacker (42 per cent) and state sponsored attacks (32 per cent) closing in.

Burgess Cooper, Partner – Information & Cybersecurity, EY, says, ‘the digital age and inherent connectivity of people, devices and organization have opened up a whole new playing field of vulnerabilities. As old sources of cyber threats evolve, new sources are emerging to add to the complexities for organization’.

Cybersecurity is not an inhibitor in the digital world; rather it is the way to make the digital world fully operational and sustainable. Cybersecurity is the key to unlocking innovation and expansion, and a tailored organization and risk-centric approach to cybersecurity will adjust the balance of the digital world back towards sustainability and safety, to better protect your organization and create trust in your brand, adds Burgess.

However only 15 per cent of the organizations feel more threatened today by phishing and malware, while 12 per cent blame their poorly secured internet-facing systems and applications.

The survey also finds that organizations are now better prepared in averting a cyber-attack due to emerging technologies and trends with 59 per cent saying they have a dedicated function that focuses on emerging technology and its impact and 31 per cent believing that their Security Operations Center (SOC) is tightly integrated, meeting the heads of businesses operations regularly to understand business concerns and risks.

Still, 41 per cent of the organizations still do not have a security operations center, while 61 per cent outsource their vulnerability assessment - information security function. Almost half (49 per cent) said that budget constraints and lack of skilled resources (47 per cent) impact the contribution and value that information security function provides to the organization, indicating that the situation is deteriorating, rather than improving.

Coming to Big Data, 43 per cent of the organizations do not have a formalized requirement for using big data while addressing its privacy obligations. As to Social media, 41 per cent of the organizations interact with customers via social media and 50 per cent of them do not have formalized requirements for using social media for commercial purposes while addressing its privacy obligations