Cybersecurity threats are evolving. Cybersecurity spending is increasing. But are the current investments in prevention actually helping? These are questions that PwC has been asking in some of their latest research.
According to the latest Global State of Information Security Survey, UK companies are spending more on information security, on average £6.2m against £3m last year. Security is being given top priority, with greater investment in technology and training, but Board involvement in security strategy setting remains below the global average. However, despite this increased investment in security, data security incidents have continued to rise, up by 23% in the last year.
"Businesses may invest more (or less) in cybersecurity, and sophisticated technologies certainly can help prevent the spread of attacks or reduce impacts. But threat actors will likely remain ahead of the game by leveraging new tactics and techniques as their motives and technologies evolve."
As PwC addresses in a subsequent article on their findings, UK organizations are not seeing a return for their increased cyber security spending. Although current employees continue to be the top insider risk, business partners (service providers, consultants, contractors) are a growing source of security incidents. Unfortunately, there are still a number of organizations that have little insight into the source of security incidents: 18% report they don’t know how many cyber attacks they suffered in the past year, while 17% report a lack of knowledge on the source of security incidents. The report also indicates that it’s not necessarily advanced threats or new tactics that are effective, with 37% of incidents tied back to basic phishing incidents. It’s clear that more needs to be done to shore up these weaknesses in security.
“Cyber security is far more than just building security controls – it’s about changing your organization to be securable. That requires all aspects of a business to be engaged, to make tough decisions at board level, and embed consideration of cyber security risk in all decision-making processes. It’s not just about having more budget to buy more technology to patch cyber security holes. UK organisations need to take a more strategic approach to how they spend their increased budgets to start to see a real uptick in security posture.”
This report reiterates that an increased security spend is only effective if coupled with a top-down integration of security into the core culture of the organization, paired with effective layers of technology to prevent, detect and remediate security incidents, with a particular focus on the insider threat. According to our own study, many employees put data at risk in small but ultimately significant ways, such as modifying default settings on devices, accessing personal email, online banking / shopping, social media, public WiFi, file sharing, etc. Mistakes cannot be predicted, but there are steps you can take to mitigate the insider risk.
With Absolute DDS, you gain visibility into the endpoint and a holistic picture of the health of those devices (through automated alerts on everything from encryption and anti-malware status to geographic fences), allowing IT to remotely safeguard data at all times. With Absolute DDS, you have unprecedented insight into the endpoint and the data it contains, including data stored in the cloud, allowing you to proactively enforce security policies or react to risks by locking down or remotely deleting data. Leveraging our new Application Persistence, you will have unrivalled support for scenarios beyond the reach of existing solutions, including negligent and malicious user activity. Learn more at Absolute.com