On cyber security issues, the study GISS 2015 by Ernst & Young shows that the majority of companies (88%) believe that their information systems do not meet their security needs. Regarding the sources of threats, 59% mention criminal organisations before the hacktivists (54%), but also 35% site groups sponsored by governments.
The audit and consulting firm Ernst & Young (EY) just released its 18th annual survey on information security. Devoted to cyber security threats that companies face, the 2015 edition of the GISS (Global Information Security Survey) was conducted among 1755 organizations in 67 countries. The first observation is that 88% of respondents do not believe their information systems meet their security needs which must cover all company sizes (finance, supply chain, CRM, HR ...). However, there are only 36% that think they would not be able to detect sophisticated attacks, while 56% thought so last year. This is a significant improvement considers EY while reminding the companies to bear in mind that the level of sophistication of attacks increases continuously.
In its preamble to the GISS 2015 study, EY stresses the importance of understanding the challenges of cyber security. Companies often consider the opportunities provided by a digital transformation and accelerate their projects in this direction. But in their haste, they overlook certain precautions and underestimated risks, says the firm. The awareness that the digital world also offered enormous potential for exploitative crime came late. Just as it only began to emerge the complex interconnectivity between users, businesses and the "objects" of the IoT and the unintended consequences that result. To understand and understand the challenges they face, organizations must ask themselves four sets of questions, advise the audit firm. First, what are the threats that you think have to face and how can you fight? Second, what are the worst scenarios for you, how to detect the most tenuous signals and constantly maintain the highest level of alert? Third, why are you still so vulnerable is to faulty measurements in your current environment, because you do not have mechanisms to adapt to changes or because you do not have a proactive approach to neutralize sophisticated cyber attacks? Fourth, what is an active defense and how to build it, what needs improvement? (Part 1)
23 November 2015