As tools for conducting cyber-attacks proliferate worldwide, large-scale cyber-attacks are becoming increasingly commonplace. But studies show that many organizations are still struggling to comprehend and manage the evolving cyber threats in our increasingly complex digital world.
The latest report from PwC, the Global State of Information Security Survey 2018, highlights the variety of cyber-attacks we're facing. From attacks on critical infrastructure and the targeting of phone systems to the production of insecure Internet of Things (IoT) devices, the attack scale is massive and can have a devastating impact on society.
The World Economic Forum (WEF) claims the rising cyber interdependence of infrastructure networks is one of the world's top risk drivers, adding that cyber-attacks, software glitches, and other factors could spark systemic failures that 'cascade across networks and affect society in unanticipated ways'. The WEF also noted that the No. 1 business risk in North America is large-scale cyber-attacks or malware causing large economic damages, geopolitical tensions, or widespread loss of trust in the internet.
What's most alarming is that PwC found fewer than half of respondents conduct penetration tests, threat assessments, active monitoring of information, and intelligence and vulnerability assessments.
To make matters worse, security spending has dropped by nearly a third, from £6.2 million on average down to £3.9 million on average. This means it's crucial that enterprises spend their security dollars on the right kind of cyber tools instead of throwing money at the problem and
NNT CTO, Mark Kedgley, recently commented on the latest article on SCMagazine, claiming, "wasted money in cyber-security never ceases to pain and amaze us," adding, "we meet plenty of disillusioned cyber-security teams who have wasted money that could have been better spent, usually on products that are too difficult to use or take too long to deliver results, all at the expense of their security." NNT believes that focus on core security tasks is often being lost by the turning of heads toward the most hyped new innovation. "As with most things in life," Kedgley told SC, "it's important to get the basics right first and in cyber-security."
The PwC survey suggests the need for a global conversation that provides business leaders with actionable advice to build cyber resilience within their IT environment. It also suggests that all organizations, regardless of how prepared they think they are, need to make certain their strategic cyber goals are being executed.
Stress-testing your interdependencies with simulated cyber-attacks can help unmask vulnerabilities within an IT environment you once thought was secure. Dan Geer, CISO at In-Q-Tel, suggests asking yourself this question when developing cybersecurity stress test scenarios: Can I withstand the failure of others on whom I depend?
Read the article on SCMagazineUK