Insights From EY’s 2014 Global Information Security Survey
“Anticipating cyber attack is the only way to be ahead of cyber criminals.” EY sends this message to all in their Global Information Security Survey 2014. The security survey, published in October, had 1,825 respondents from 60 countries worldwide in 25 different industry sectors. The report covered the foundations of cyber security and the elements that need the most attention in today’s cyber world. By focusing on being prepared for cyber attacks, businesses will be able to transform from an easy target to an impenetrable force. Left unprepared and unprotected, cyber threats will continue to multiply.
The survey found that for many organizations, the biggest setback for cyber security is a lack of skill. The need for cyber security specialists is ever increasing as the threat becomes more prevalent. Five percent of responding organizations have a team with dedicated analysts and external advisors that evaluate for exposure against threat actors. That means that about ninety-five percent of organizations are left without the skill and knowledge to protect them from cyber threat.
Rather than making improvements in adapting to the cyber security world, the data shows that companies are moving backwards. In 2014, over 16 percent of companies admitted that they do not have a data breach detection program. This percentage has increased since the year 2013, when 12 percent of respondents reported not having a data breach protection program. This year only 13 percent of organizations say that their Information Security function fully meets their business’ needs, which is down four percent from the previous year.
According to the survey, upwards of 45 percent of respondents said that their companies “still have a lot to improve” when it comes to cyber security. Over 50 percent of organizations say that it is highly unlikely that their organization would be able to detect a sophisticated attack. This means that often cyber threats are overlooked and when not overlooked, the response is often too late. Increasing understanding and awareness within organizations can help close the door to cyber attacks.
What should organizations do now? The report recommends that companies continue to focus on the foundations of cyber security and make cyber security more aligned with key business processes. An important step that companies can take today is to protect sensitive customer and patient data, such as PII and PHI, from malicious hackers. Retailers and consumer facing businesses can neutralize the threat of data breaches by protecting credit card and PAN data throughout the payment stream with enhanced encryption and tokenization. Voltage makes encryption and tokenization of sensitive data simple and effective through cryptographic innovations. Learn more atwww.voltage.com.