IBM, in a recent report entitled 2014 Cybersecurity Intelligence Index, gave an overview of the threats facing organizations today and the various trends that characterize the evolution of the cyber threat landscape. Data was gathered through monitoring of technological platforms of many of its clients and followed by an analysis of the security intelligence obtained.
It was clear from the report that the main players dominating the threat landscape are businesslike and well-funded adversaries who are utilizing sophisticated innovations in targeting their attacks. Organizations on the other hand still exhibit some laxity on employee security training and therefore putting their businesses at risk. The security investments made in the past if any are not up to the challenge in protecting the business data and information from the new classes of attacks.
Neglecting the Fundamentals
Organizations are increasingly becoming vulnerable and not doing as much in the fight against cybercrime. Only 23% of them use cloud security protection while only a third have access to some of the latest threat intelligence solutions. On the whole, less than 50% of businesses have the critical security protections in place. This clearly shows that a majority of organizations are neglecting the basic IT fundamentals thereby undermining their ability to mitigate risk.
Increased Security Events
The threat landscape is continuously expanding with the number of security events reported increasing by day. For instance, in 2013, security events reported reached a total of 91 million. On response to this, organizations should implement up to date security controls in a more proactive manner. There is a glaring need for security intelligence tools to assist in identifying and responding to security threats. Dell SonicWALL believes that security intelligence is a central component in the approach to minimize cybersecurity events.
Among the security incidences, there are some noteworthy events which involve data disclosure and theft. The impact of such events on security is usually very high and they can have huge consequences as far as the reputation of an organization is concerned. Many organizations surveyed indicate the importance reputation is to them and the damage they are likely to suffer if data theft was to occur to them.
Though common, human errors are extremely costly. Over 90% of all the security incidents reported today involve in part or in whole human error in areas such as poor patch management practices, misconfigurations, loss of equipment, insecure credentials, and needless disclosure of sensitive information.
Most attackers are increasingly applying social engineering tactics which are targeted against particular individuals with the intention to trick them so that they can give access to networks and sensitive data in their custody. The best way to handle human error is not to install technology safeguards alone, but also educate the employees so that they can competently identify and defend themselves when faced with suspicious communications that are potentially risk to their organizations.
In addition to the above, the use of malicious code is a dominant activity in today’s cybersecurity landscape with hackers scanning systems and accounts from outside. As an organization, you should build capacity to ably monitor on a continuous basis your networks so that any suspicious or abnormal activity can be identified and dealt with beforehand.