September 19, 2013 By Kim Aarenstrup 2 min read

In the recent release of the Cyber Security World News, I noted an article which highlighted a deep concern about the cybersafety of the world’s organizations. But first, think about how it would feel to drive your car, blinded with a bag over your head – quite scary and very risky. That’s how it often feels like for security professionals.

Here’s how to avoid cyber-maneuvering in blind:

  • Establish a strong Security Policy, which covers the cyber threats – and ensure top management commitment.
  • Establish strong technology controls that un-blinds you, so you can clearly see what goes on – you will be surprised what is actually taking place without your knowledge!
  • Respond to the incidents that are identified.

Now, according to a recent study by Kasperskys Lab, that is exactly what 60% of all IT professionals think their companies are doing, because of the under investment in terms of cyber protection mechanisms. Organizations are simply not spending sufficient time or money to develop cyber security policies, according to the IT experts. Consequently, only less than half of the responders feel that they have a sufficiently organized and systematic processes to deal with cyber threats. Amongst my friends and colleagues in security jobs, they all seem to struggle with the exact same challenge. They have no or little funding, and people to deal with this.

Especially in the educational industry and in government and defense organisations, things are very bad – and two thirds of the IT professionals there believe they are constantly in danger of losing confidential information. Almost half of the surveyed organizations had no policy for implementation mobile devices and the necessary security around them. Even the places where the policies were okay, there was still an inadequate availability of resources – and highlighting this to the upper management have no effect.

Also, more than 90 percent of businesses surveyed have reported at least one cyber security incident the past year.

This is a quite expensive strategy, with a significant risk of exceeding the agreed budgets, because large companies typically has an average cost of 400,000 GBP per incident. Smaller companies typically have a cost of around 30,000 GBP per incident. That said, the survey also tells that a successful targeted attack can cost a company more than £1.5 million in direct financial losses, so cyber threats does not come with a cap.

These results are not much different from what I experience myself when talking to colleagues around the world, who are all struggling with daily increased threats, growing amounts of data, including business confidential – and an ever more complex infrastructure over which the data are processed, in traffic or stored. And in the survey, the top management often mistakenly think that the costs of cyber protection is greater than the potential losses.

See the full survey at the Global Corporate IT Security Risks survey.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today