Cyber attacks and information leaks are becoming increasingly common, giving businesses good reason to place information security on the front burner.
In 2014, one billion personally identifiable information records were stolen. And if your company is a victim, it is estimated that a data breach will cost on average $150 million by 2020. With digital attacks on the rise and the cost so high, it seems only natural that more information security techs would be available to prevent or fight them. However, the Information Systems Audit and Control Association (ISACA) predicts that there will be a shortage of 2 million cybersecurity professionals by 2019.
While this may be a prediction about the future, let’s take a look at the current state of information security.
PricewaterhouseCoopers (PwC) recently released its 2016 Global State of Information Security Survey. We’ve summarised some of their key findings and trends.
Embrace a risk-based cybersecurity framework
An astonishing 91% of organisations have adopted a risk-based framework or frameworks. These frameworks are an important basis to monitor, record and respond to attacks. The high uptake of risk-based frameworks shows that companies are serious about data security and protection.
The surveyed organisations explain that the adoption of these frameworks has many benefits including:
- Keeping data more secure
- Enabling better internal and external communication about any issues
- The ability to identify threats quickly and prioritise them
- Helping to expose and understand security gaps, which leads to better security standards
Most organisations’ frameworks follow the guidelines set out in the US National Institute of Standards and Technology (NIST) Cybersecurity Framework, SANS Critical Controls and ISO 27001.
Use cloud-based cybersecurity services
In recent years, organisations have invested heavily in cloud-based cybersecurity. The advances in data security, network security, privacy and identity, and access management have pushed cloud-based options to the top. And organisations have noticed, with the survey finding 69% of organisations now use cloud-based cybersecurity services.
These services are used to ensure quality privacy protection and data security. Even back in 2014, a report by PwC noted that cloud-based cybersecurity options transcended the barriers of traditional IT, and would change the security industry as we know it.
Big Data is big business
Data-driven analytics and insights are big business in cybersecurity. Accurate, fast and actionable security information reduces the critical time from detection to remediation. This type of Big Data enables security specialists to proactively defend and protect networks, systems and privacy.
59% of organisations said they leverage Big Data analytics for security. These analytics enabled them to model and monitor for security threats, as well as respond to incidents. Some organisations said they used the data to monitor employee usage patterns, flag outliers and spot users’ unauthorised use. This is interesting because, while employees remain the highest source of compromise, incidents attributed to business partners jumped 22% from the previous year.
Collaboration is more powerful than ever
Two minds are more powerful than one, and that rings true in IT security. 65% of the survey respondents said they collaborated with similar businesses and partners to improve cybersecurity and reduce cyber-risks by sharing data. These collaborative efforts are up by 15% from 2013.
Organisations that collaborated said data from industry peers was more actionable and improved threat awareness. Those organisations not collaborating said it was because of system misalignment or because updates could not be communicated at network speed.
Top-level executives are in on the action
The responsibilities of those in the top security seat are rapidly expanding. As PwC explains, their expertise not only has to lie in security, but also risk management, corporate governance and the business’ basic objectives.
Organisations responded that:
- 45% of their boards participated in overall security strategy.
- 46% said the boards participate in developing information security budgets.
- 54% responded that they have a chief information security officer (CISO) in charge of their security program; and
- 49% had a chief security officer on board.
The fact that boards are becoming more involved in cybersecurity planning not only promotes a well-rounded business culture, but also helps to better align information security with overall business goals and risk management objectives.
PwC’s Global State of Information Security Survey 2016 highlights important information technology security trends that impact organisations globally.
It’s already clear that the threat of a crippling data leak or hack is real. It’s good to see that companies are stepping up their internal processes to reduce or eliminate the chance of this happening to them.