While India Inc. is spending more on cybersecurity each year, organisations are still not confident of their ability to sense, resist and respond to cyber threats, says the latest survey by EY, the global professional services organisation.
The report, titled Path to cyber resilience: Sense, Resist, React: EY’s 19th Global Information Security Survey 2016-17, was released here today by Gulshan Rai, National Cybersecurity Coordinator, National Security Council, Prime Minister’s Office, Government of India.
Now in its 19th year, the EY Survey is based on responses from 1,735 global C-suite executives, including 124 CXOs from India. 69 percent of Indian respondents reported an increase in their cyber security budgets over the last 12 months and almost three-fourths expect budgets to increase further in the next year.
Despite the increased investments, 75 percent of the Indian respondents say that their cyber security function does not fully meet the organisation’s needs.
Speaking on the occasion, Gulshan Rai said: “We are at the cusp of a cybersecurity paradigm shift and it is imperative that for the overall national security we join hands to share, evaluate and acquire threat intelligence and develop a robust operational framework to use this with security technologies.”
Increasing risk exposure
According to the survey, 61 percent of the respondents cited outdated information security architecture and controls as the topmost vulnerability factor.
Careless or unaware employees is their second-most important concern (58 percent), while vulnerabilities related to mobile computing, social media and cloud computing also feature prominently.
Among threats, the majority (54 percent) believe that cyber-attacks are primarily targeted at defacing/disrupting organisations or towards stealing intellectual property or data (51 percent), followed by fraud (48 percent).
The survey highlights that respondents are more confident of their ability to predict and detect a cyber-attack, with 52 percent saying that they would be able to do so. However, more than half of the respondents (55 percent) do not have a formal threat intelligence program, while 44 percent do not have a vulnerability identification capability.
Further, more than a third (33 percent) do not have a security operations centre (SoC), which serves as a continuous monitoring mechanism.
More than half (52 percent) would not increase their cybersecurity spending after experiencing a breach that did not appear to do any harm, which the report highlights as a matter of concern, observing that ‘cyber criminals often make test attacks or lie dormant after a breach.’
“Since cyber resilience cannot be achieved by buying ‘security-in-a-box,’ organisations need to focus on gathering periodic threat intelligence, enhancing their threat-hunting and breach detection capabilities, and institutionalising a robust incident response framework,” said Nitin Bhatt, EY India’s Risk Advisory Leader.
According to the Indian respondents, management and governance issues (42 percent), followed by lack of quality tools for managing information security and lack of executive awareness and support (41 percent), were seen as the main challenges for information security operations, as compared to lack of budgets (61 percent) and skilled resources (56 percent) globally. 38 percent of the Indian respondents say that boards are not fully knowledgeable about cyber risks.
More than a third of the Indian respondents (37 percent) cited budget constraints and lack of skilled resources (39 percent) as obstacles.
More than three-fourths of the respondents indicated that they do not evaluate the financial impact of every significant breach, and of those that have had a cyber breach in the last year, more than half (57 percent) have no idea of the financial damage incurred.
Challenges of the digital ecosystem and connected devices
On the impact of the Internet of Things (IoT), the report states that organisations are struggling with the huge number of devices that will become part of their networks, challenges related to the size of data traffic and the expanding ecosystem of business partners.
The most important information security challenges of IoT were identified as finding hidden or zero-day attacks (50 percent), identifying suspicious traffic over the network (44 percent) and ensuring that implemented security controls are meeting the requirements of the day (40 percent).
On the growing use of mobile devices such as laptops, tablets and smartphones, more than half (55 percent) see poor user awareness as the most significant risk, followed by loss of a device, which leads to loss of information and identity (41 percent).
Among information security priorities over the next 12 months, business continuity and disaster recovery was rated by respondents as their top priority (63 percent), along with data leakage and data loss protection (60 percent).
Although 43 percent plan to spend more on business continuity in the coming year and 37 percent plan to spend more on data leakage, there is also considerable focus on higher spends on security awareness and training of employees, vendors and business partners, cloud computing and threat and vulnerability management (38 percent).