76 Percent of Organizations Breached in 2015


This figure was both a surprise… and not. The majority of cyber attacks are not reported, for good reason. It is embarrassing for private enterprise to publicly report a data security breach. There is an obvious negative impact on public opinion, shareholders, etc.

Most security directors are unaware of the pervasive cyber vulnerabilities inherent in many of the technologies they deploy. There are encryption and identity management solutions for physical security systems that can manage this risk. The need for more collaboration between Physical Security and InfoSec Consultants is very real. As related industries, we need to improve the quality of the overall solutions being offered to our end-user partners. I have listed a few important excerpts below:

From “SIA Update” dated February 22, 2016:

According to the 2016 Cyberthreat Defense Report, 76 percent of responding organizations were affected by a successful cyber attack in 2015 – up from 70 percent in 2014 and 62 percent in 2013.

Free copy of the Cyberthreat Defense Report at: Cyberthreat Report.

  • Endpoint protection revolution. For three consecutive years, respondents have expressed growing dissatisfaction with their current endpoint security defenses. This year, a whopping 86 percent have expressed their intention to replace (42 percent) or augment (44 percent) their current endpoint protections.
  • BYOD backpedaling. The percentage of organizations with active BYOD deployments has dropped for the third consecutive year – from 31 percent in 2014 to 26 percent in 2016.
  • Must-have network security investments. Next-generation firewalls are the top-ranked network security technology planned for acquisition in 2016, followed by threat intelligence services and user behavior analytics.
  • Mobile devices “still” in the crosshairs. For the second consecutive year, mobile devices are perceived as IT’s “weakest link.” In total, 65 percent of respondents witnessed an increase in mobile threats over the prior year.
  • Malware and spear-phishing continue to cause headaches. Malware and spear-phishing top the list of cyberthreats causing the greatest concern among respondents for the third consecutive year.
  • Massive exposure to SSL blind spots. Only a third of responding organizations have the tools necessary to inspect SSL-encrypted traffic for cyberthreats, revealing a gaping hole in enterprise security defenses.
  • Employees are still to blame. For the third consecutive year, low security awareness among employees tops the list of barriers to establishing effective security defenses. Survey participants are also concerned with an overwhelming volume of security event data, lack of skilled personnel, and lack of available budget.

Complete SIA Update dated February 22, 2016 at: Feb SIA Update.

If you would like to discuss this, or other security topics, please contact Doug Levin via LinkedIn. Also, take a look at his LinkedIn discussion board, Security Convergence, or his Twitter feed, @DLIPTech.

This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.


About Doug Levin

Doug is a certified (PSP, AHC, LEED AP), experienced business development professional with a focus on the physical security industry. With a diverse background that includes delivering products & services through multiple channels (manufacturing, distribution, specialty & general contracting), he brings a broad industry perspective that adds greater value for his clients. Having decades of experience with sales engineering and design-build of low-voltage automated systems, he also offers a strong emphasis on technical knowledge and consulting services. His career has included responsibility for: profit & loss, operations and sales management with front-line experience in estimating, sales/marketing, project management and developing security design documents & spec writing.
