This figure was both a surprise… and not. The majority of cyber attacks are not reported, for good reason. It is embarrassing for private enterprise to publicly report a data security breach. There is an obvious negative impact on public opinion, shareholders, etc.
Most security directors are unaware of the pervasive cyber vulnerabilities inherent in many of the technologies they deploy. There are encryption and identity management solutions for physical security systems that can manage this risk. The need for more collaboration between Physical Security and InfoSec Consultants is very real. As related industries, we need to improve the quality of the overall solutions being offered to our end-user partners. I have listed a few important excerpts below:
From “SIA Update” dated February 22, 2016:
According to the 2016 Cyberthreat Defense Report, 76 percent of responding organizations were affected by a successful cyber attack in 2015 – up from 70 percent in 2014 and 62 percent in 2013.
Free copy of the Cyberthreat Defense Report at: Cyberthreat Report.
- Endpoint protection revolution. For three consecutive years, respondents have expressed growing dissatisfaction with their current endpoint security defenses. This year, a whopping 86 percent have expressed their intention to replace (42 percent) or augment (44 percent) their current endpoint protections.
- BYOD backpedaling. The percentage of organizations with active BYOD deployments has dropped for the third consecutive year – from 31 percent in 2014 to 26 percent in 2016.
- Must-have network security investments. Next-generation firewalls are the top-ranked network security technology planned for acquisition in 2016, followed by threat intelligence services and user behavior analytics.
- Mobile devices “still” in the crosshairs. For the second consecutive year, mobile devices are perceived as IT’s “weakest link.” In total, 65 percent of respondents witnessed an increase in mobile threats over the prior year.
- Malware and spear-phishing continue to cause headaches. Malware and spear-phishing top the list of cyberthreats causing the greatest concern among respondents for the third consecutive year.
- Massive exposure to SSL blind spots. Only a third of responding organizations have the tools necessary to inspect SSL-encrypted traffic for cyberthreats, revealing a gaping hole in enterprise security defenses.
- Employees are still to blame. For the third consecutive year, low security awareness among employees tops the list of barriers to establishing effective security defenses. Survey participants are also concerned with an overwhelming volume of security event data, lack of skilled personnel, and lack of available budget.
Complete SIA Update dated February 22, 2016 at: Feb SIA Update.
This site is maintained by Douglas Levin, PSP, AHC, LEED AP. It is intended to be my personal professional blog. The content reflects my personal opinions and observations regarding the Physical Security Systems industry and Technology Sectors. The opinions expressed herein reflect my personal viewpoint/ideas and do not in any way represent the position of any other person, organization or company.