Our 17th Global Information Security Survey has just been published. It polled 1825 executives in over 60 countries, including Ireland. This focus of this year’s survey is on how well organisations are managing cyber threats.
The results indicate that organisations in Ireland, like their global counterparts, acknowledge the increasing range and sophistication of cyber threats. Although the past year has shown us that cyber attacks are inevitable regardless of scale or industry many are still underprepared, in that 50% are not confident of detecting a sophisticated cyber attack and 47% lack real-time insight on cyber risks.
Financial services organisations need to be especially vigilant, as respondents cited the top two external threats as malware and cyber attacks aimed at stealing financial data. Online fraud and extortion scams are commonly used by organised criminals who are intent on obtaining money illegally and who are increasingly adept at exploiting weaknesses in technology as well as customers’ lack of awareness or trust.
Banks and payments firms tend to be most frequently affected by targeted financially-motivated attacks, as a successful attack can yield direct access to customer funds. Attack can often be aimed at customers rather than the institution itself, manifesting as sophisticated malware. Payment card information naturally remains highly prized so insurance companies accepting online payments for policies must also be vigilant.
Finally, some threats are entirely indiscriminate and will impact both businesses and individuals affected. One example is so-called ‘ransomware’, which is malware that systematically locks files both on the infected computer and on the network using strong encryption. Unfortunate victims are then presented with a ransom demand for the decryption key to unlock the files.
As with all business risks, the key to cyber resilience is in identifying the assets that matter most to the business, understanding the threats that pose a risk and differentially protecting those most critical assets by designing a control framework informed by risk appetite to prevent, detect, react to and anticipate attacks. Being prepared for the inevitable is the only way to get ahead of cyber crime.
The full report on our findings can be a accessed through the below link.