Gold Magazine November - December 2013, Issue 32 | Page 88
cybersecurity
Too Many Companies
{BUSINESS}
Defending Future Threats
with Yesterday’s Strategies
NEW AND CONTINUALLY EVOLVING MODELS OF INFORMATION
SECURITY ARE NEEDED TO KEEP PACE WITH TODAY’S
DETERMINED ADVERSARIES
E
xecutives have increased security spending and have substantially improved technology
safeguards, processes, and
strategies. Their adversaries,
however, continue to outpace
them, according to The Global
State of Information Security® Survey 2014
released by PwC US in conjunction with CIO
and CSO magazines.
“Our survey results reveal that while there
have been improvements in security at companies today – which is a positive sign – many
organisations are lagging behind their opponents, and this poses significant problems for
the future,” said Mark Lobel, a PwC Advisory
principal focused on cybersecurity. “It is essential that executives actively re-evaluate and
update their security strategies and practices
on a continual basis to keep pace with today’s
threat actors. Without an agile approach to
information security, organisations will be
underprepared for the evolving and increasingly sophisticated attacks that may be more
complicated, complex, and damaging.”
According to the global survey of more than
9,600 executives, the number of security inci����������������������������
dents detected in the past 12 months increased
by 25% over last year; however, the number
of respondents who do not know how many
incidents occurred has doubled over the past
two years.
“Given today’s escalating threats, organisations need to implement new technologies that
can continually monitor the network, applications and data for anomalous activity that
might indicate a security incident in progress,”
said Bob Bragdon, publisher of CSO.
Smartphones, tablets, the “bring your own
device” (BYOD) trend and the proliferation of
cloud computing have elevated security risks,
yet efforts to implement mobile security programmes do not show significant gains over
last year and continue to trail the increasing
use of mobile devices. While 47% of respond-
THE GLOBAL
STATE OF
INFORMATION
SECURITY®
SURVEY 2014
T
he Global State of Information
Security® Survey 2014 i s a
worldwide study by PwC, CIO
magazine, and CSO magazine. Readers of CIO and CSO magazines and
clients of PwC from around the globe
were invited via e-mail to take part in
the survey. The results discussed in
the report are based on the responses
of more than 9,600 executives including CEOs, CFOs, CISOs, CIOs,
CSOs, vice presidents, and directors
of IT and information security in 115
countries. Some 36% of respondents
were from North America, 26% from
Europe, 21% from Asia Pacific, 16%
from South America, and 2% from the
Middle East and Africa. The margin of
error is less than 1%.
To see the survey findings in detail,
visit: www.pwc.com.cy/technologyconsulting (under “Our Publications”
section) or www.pwc.com/gsiss2014.
ents use cloud computing – and among those
who do, 59% say that security has improved
– only 18% include provisions for cloud in
their security policy. The survey found that,
while most respondents have implemented
traditional security safeguards (such as VPNs,
firewalls, encryption of desktop PCs), they are
less likely to have deployed tools that monitor
data and networks to provide real-time intelligence about today’s risks.
In today’s elevated threat landscape, it is
critical that organisations rethink their security
strategy so that it is integrated with business
needs and strategies and is prioritized by top
executives. Yet the survey found that many
respondents have not done so. Collaboration
with others to improve security has become a
key way to gain knowledge of dynamic threats
and vulnerabilities, yet only 50% of respondents said they collaborate.
“Integrated security should be a pivotal
part of an organisation’s business agenda and
culture – and every employee, supplier and
partner should understand and agree to follow
your security policy,” said David Burg, PwC’s
Global and US Advisory Cybersecurity Leader.
“Building and sustaining a culture of security
awareness will also require the full support of
top executives, including the CEO and board
members. It cannot happen without them.”
Respondents say the top three obstacles to
improving security are (1) insufficient capital
funding, (2) a lack of vision on how future
business needs will impact security, and (3) a
lack of leadership from the CEO or the Board.
“You can’t fight today’s threats with yesterday’s strategies,” said Gary Loveland, a PwC
Advisory principal focused on cybersecurity.
“What’s needed is a new model of information
security, one that is driven by knowledge of
threats, assets and the motives and targets of
potential adversaries.”
Insiders, particularly current or former employees, are cited as a source of security incidents by most respondents. And while many
believe nation-states cause the most threats,
only 4% of respondents cited them, whereas
32% pinpoint hackers (those who gain unauthorized access to a computer or network to
steal information or cause harm) as a source of
outsider security incidents.
IN TODAY’S ELEVATED
THREAT LANDSCAPE,
IT IS CRITICAL
THAT ORGANISATIONS
RETHINK THEIR SECURITY
STRATEGY
88 Gold THE INTERNATIONAL INVESTMENT, FINANCE & PROFESSIONAL SERVICES MAGAZINE OF CYPRUS
business_defending future threats.indd 88
07/11/2013 19:21