February 10, 2015 - According to a new cyber security study and white paper from Protiviti, the global consulting firm, companies operating in Europe should be doing more to protect themselves adequately from cyber threats.

Within enterprises, privileged IT accounts with elevated levels of access represented a particular cause for concern. The study of IT and security practices of businesses across Europe reveals a high level of complacency about the risks associated with privileged access, in particular in relation to privileged accounts used for IT support. Seventy percent of firms interviewed in the study place other security priorities higher or – despite acknowledging cyber risks – decline to take action.

Danger from within

In addition to privileged IT user access management, the study found that most organisations have severely underdeveloped security solutions for data loss prevention, cyber security incident management and response. Such solutions will typically have a critical role to play in managing authorised access. Over 60% avoid ‘mature’ solutions (those with proven effectiveness) and instead rely on trust for privileged IT user security.

In spite of the associated enterprise-wide risks, none of the companies in the study operated a fully protected, highly mature, privileged user access management structure. The findings are even more alarming given that the study included a number of organisations in higher-risk industries that are making significant investment in security and are accountable for protecting sensitive financial information and personal customer data.

Other key findings: Complacency and poor planning

  • Only approximately 30% of participants had invested in the technologies that help improve security across each of the major security solution domains
  • Less than 10% of organisations were making significant use of the functionality that these solutions can provide to manage the risks associated with authorised access
  • Nearly 90% had not implemented a privileged IT user access management solution or were making very limited use of the available functionality, even though privileged accounts are often targeted and used in high-impact cyber attacks
  • Over 50% of organisations have no active data loss prevention solution in place and 80% of organisations have limited active monitoring of potential data loss incidents
  • Only 7% of respondents had an optimised security incident management process in place with half (50%) not having dedicated incident management personnel

White paper highlights need for firms to invest intelligently

Commenting on the results of the study, Jonathan Wyatt, Global Leader of Managing the Business of IT at Protiviti, said: “Cyber security is now on the board agenda for many organisations. Those organisations that acknowledge the risk, for the most part, believe that they have considered the risk and taken or are taking necessary steps to mitigate it. Most organisations we interviewed indicated that their tolerance for security or business continuity incidents is low. However, almost all of them behave as though their risk appetite is much higher.”

“The roles that authorised access and the insider play in security incidents are regularly understated and not managed effectively. The combination of poor risk analysis and insufficient communication of business impact of risks in non-technical language that is accessible to the board and senior executives, leads to a lack of understanding of the true business risks at executive committee level. This can result in the wrong investment decisions being taken, with the potentially catastrophic consequences of inadequate preparation against cyber threats. Organisations must recognize that threats can emerge from within – either through negligence or malice – and prepare accordingly. Relying on trust alone is clearly not enough.”

Ryan Rubin, Managing Director and Regional Lead for Managing Security and Privacy (EMEA) adds: “We found that firms are wasting significant resources – and exacerbating their cyber security risks by not making full use of security systems that they already have in place. Unfortunately, many are still trying to get the basics of cyber security right and, as such, are being left vulnerable to newly emergent or asymmetrical threats.”

“Organisations must increase the attention paid to developing their security posture in both a surgical and tactical manner. Otherwise, businesses run the risk of chronically underutilising existing systems, being left vulnerable and spending far more than they need to in order to ‘fix’ the intractable problem that cyber security presents. This only adds to the misconception that adequate protection is only possible at high cost – a view held by 90% of respondents in our European study. By leveraging solutions that focus on the management of internal threats targeting high risk areas of their business, many firms have significant potential to boost security and cut costs.”
