Most businesses unprepared for cyberattack, study finds

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.zdnet.com/most-businesses-unprepared-for-cyberattack-study-finds-7000027430/


A new survey suggests that the majority of businesses across the globe are
unprepared to deal with cyberattacks in the future.

Research conducted by the Economist Intelligence Unit and Arbor Networks
says that while cyberattacks are on the rise, corporations are still
woefully unprepared in dealing with the prevalent threat.

If hackers manage to break in to a corporate system, whether through the
primary network or through a third party with access to systems, then this
can leave client information at risk -- including finances, addresses and
contact details.

Once a breach occurs, not only can this cost a firm a fortune to fix, but a
company's reputation is likely to be damaged -- which in turn can lower
future profit margins if consumer trust cannot be restored. As an example,
U.S. retailer Target's recent security breach resulted in the theft of at
least 40 million customer records containing credit and debit card data, as
well as approximately 70 million accounts with information including home
addresses and mobile phone numbers.

These kinds of cyberattacks, especially in high-profile cases, are not easy
to recover from. Despite this, the business intelligence provider and
security firms' report, "Cyber incident response: Are business leaders
ready?" says that many companies are still not getting the message -- that
skilled employees and the investment of time and money are necessary to
keep networks safe.

After surveying 360 senior business leaders in companies across the U.S.,
Europe and Asia-Pacific, the companies found that while 77 percent of firms
have suffered a security breach in the past two years, over a third of
firms -- 38 percent -- still have no incident response plan in place should
a cyberattack occur.

A mere 17 percent of businesses worldwide claim to be "fully prepared" for
an online security incident.

Many respondents said that IT departments were relied upon to cope with the
problem of cyber threats, but firms that have suffered a breach within the
last two years were twice as likely to have hired third-party IT experts or
teams to better understand the risks that networks face.

Whole 41 percent of business leaders feel a better understanding of
potential threats would help them be better prepared, in order to save
face, only a third of companies share data concerning incidents with others
to spread best practices and exchange information -- and 57 percent do not
voluntarily report incidents if not legally required to do so.

Arbor Networks President Matthew Moynahan commented:

"As these findings show, when it comes to cyber-attacks, we live in a
"when" not "if" world. In the wake of recent high profile targeted attacks
in the retail sector, a company's ability to quickly identify and classify
and incident, and execute a response plan, is critical to not only
protecting corporate assets and customer data, but the brand, reputation
and bottom line of the company."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!