Half of IT decision makers admit they don't have a cybersecurity strategy in place
While 94 percent of IT decision makers – including directors responsible for IT, resilience and business operations – at businesses worldwide, including healthcare organizations, say they are aware that criminal entrepreneurs and organizations are actively working to penetrate their organizations, nearly half of these business executives admit they do not have a strategy in place to prevent cyber attacks, according to a new study.
Further, 89 percent of these business leaders have expressed concern about a digital assault by organized crime – a common source of ransomware – with similar percentages seeing terrorist action and state-sponsored hackers as a real danger, according to “Taking the Offensive: Working Together to Disrupt Digital Crime,” a study from BT Group, a British multinational telecommunications company, and KPMG, a global business consulting firm.
Only 22 percent of directors responsible for IT, resilience and business operations said they are fully prepared to combat security breaches perpetrated by organized crime, such as malware attacks, but a majority, 51 percent, said they do not have a strategy to deal with digital blackmail, such as ransomware attacks, the study found.
But cybersecurity issues are being raised at the highest level: 73 percent of the business executives said digital security is on the agenda at board meetings at least quarterly, if not more so, according to the study.
“We live in a world where technology is all pervasive: Every aspect of human activity – business, defense, healthcare, education, to take but a few examples – is now underpinned by complex interconnected technologies and communications systems,” said Sir Michael Rake, chairman of BT Group. “Our dependency on technology raises significant governance issues with directors constantly having to balance questions of cost, risk and resilience. Today, digital security sits right at the top of the boardroom agenda. Directors are all too aware of the risks, regularly discussing them with their colleagues.”
But even as organizations implement increasingly sophisticated cybersecurity technologies, criminal organizations continue to find vulnerabilities to exploit.
“The sheer scale of digital criminality raises major questions about how best to manage risk and defend against a well-funded enemy whose strategies and technologies are constantly evolving,” Rake said. “New thinking is required, and the first is to understand the digital criminal in terms of motive, modus operandi and how they intend to cash out. The next step is to turn that understanding into a cohesive and effective response.”
Helpful advice on planning your purchase of IDS and IPS tools:
- How to know if your intrusion detection and prevention solution meets HIPAA compliance rules
- 3 key factors to plan your budget for an intrusion protection system
- What to watch: IDS and IPS features to consider when comparing different vendors products