Greetings and welcome. This week, new survey results highlight old and new challenges to your enterprise’s cybersecurity, and what you should do to address them. Inspired to share any relevant opinions, reactions, and/or suggestions? Please feel free. Thanks in advance – and have a happy, safe, and secure New Year.
EY’s Latest Global Information Security Survey: The More Things Change…
EY has published its 20th Global Information Security Survey, which “captures the responses of nearly 1,200 C-suite leaders and information security and IT executives/managers.” Respondents came from a wide variety of company sizes, industries, and geographic regions.
- Budgets, talent, and executive awareness were frequently cited as barriers to better cybersecurity. “59% of respondents cite budget constraints while 58% lament a lack of skilled resources; 29% complain about a lack of executive awareness or support.”
- Budgets are rising, although not enough at many responding enterprises. “59% of respondents this year say their budgets increased over the last 12 months. 87% say they need up to 50% more budget. 12% expect an increase of more than 25% in their cybersecurity budget.”
- Executive engagement and awareness remain inconsistent. “63% of organizations still have the cybersecurity function reporting into IT.” “24% say the person with responsibility for cybersecurity sits on their board,” while “only 50% report to [their boards] regularly.”
- Cybersecurity basics are inadequately addressed at many surveyed organizations. “75% of respondents rate the maturity of their vulnerability identification as very low to moderate.” “38% have no identity and access program or have not formally agreed such a program.” “35% describe their data protection policies as ad-hoc or non-existent.” And “12% have no breach detection program in place.” Yet the same percentage of respondents “feel it is very likely they would detect a sophisticated cyber attack.”
- “69% of respondents have some form of formal incident response capability.” However, only 8% “describe their plan as robust and spanning third parties and law enforcement.” Further, “43% of respondents do not have an agreed communications strategy or plan in place in the event of a significant attack.”
- “89% say their cybersecurity function does not fully meet their organization’s needs.”
- “Only 4% of organizations are confident that they have fully considered the information security implications of their current strategy, and that their risk landscape incorporates and monitors relevant cyber threats, vulnerabilities and risks.”
What We Say: Threats to your organization are growing in number, type, and effectiveness as you read this. You and your colleagues must resolve to make 2018 the year in which you do all you can to implement tools and processes that maximize protection of your users and resources from those threats. At minimum, those tools and processes must enable your organization to discover, identify, and limit the effects of threats, using proven recommendations and best practices as guidelines.
The Australian Signals Directorate (ASD), the Center for Internet Security (CIS), and other experts agree. Effective patch management and control of applications and administrative privileges are strong first steps that can address at least 85 percent of threats to your organization’s cybersecurity. Consistent executive engagement and user education are also critical. (See “What to Do BEFORE All Hell Breaks Loose: Cybersecurity for Today’s Extreme Threats” and “User Education for Cybersecurity: Yes, It’s Worth It.”)
Resolve to Improve Your Cybersecurity with Ivanti
Whatever your current cybersecurity measures and posture, Ivanti can help to improve it. Ivanti solutions help you control your users’ applications, devices, and admin rights, while delivering the access they need to do their jobs. Ivanti can also help fight malware attacks more effectively, and recover from successful threats more quickly. Ivanti can also help enhance endpoint management across your organization.
Check out our cybersecurity and endpoint management solutions online. Then, contact Ivanti, and let us help your business tap more of The Power of Unified IT™. (And do please keep reading, sharing, and commenting on our security blog posts, especially our Patch Tuesday and Threat Thursday updates, throughout 2018.)