U.S businesses are increasingly feeling the effects of data breaches. Whether they’ve been the victim of an intrusion themselves, or have seen the news of others in their industry being impacted, cybercrime seems to have quite the reach these days.
However, the 2014 U.S. State of Cybercrime Survey, conducted by PwC and CSO Magazine, found that as the number of data breaches throughout different sectors continues to surge, enterprises are not leveraging information protection strategies at the same rate.
“[W]hile the number of cybercrime incidents and the monetary losses associated with them continue to rise, most U.S. organizations’ cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries,” the survey stated according to Continuity Central.
An overall picture of cybercrime
The study found several overarching statistics that paint a frightening picture of today’s cybercrime sector - Three in four businesses have experienced a security incident within the last 12 months. The typical company dealt with an average of 135 security incidents within the past year, which resulted in approximately $415,000 in monetary losses.
The survey found that 14 percent of respondents stated that attacks and infiltrations seen in the past year resulted in a loss of financial resources. However, the cost of these events estimated by researchers could be far more, as 67 percent of organizations experiencing a security incident were unable to project the associated expenses.
This current cybercrime environment has created an increased awareness of the need for protection measures to maintain sensitive information and corporate resources. Of the 77 percent of enterprises that were victims of cybercrime in the past year, 34 percent noted that the number of these incidents has increased in recent months. Overall, more than half of businesses – 59 percent – are more worried about cyber threats now that they were in the past.
Top threats in the current cybercrime environment
Researchers found that within today’s environment, there are several threats that organizations deal with on a near daily basis which could result in a data breach if not adequately addressed and secured.
One such threat is the fact that companies are not aligning expenses and spending with their cybersecurity strategy. Instead, organizations should strengthen the link between their business goals and the allotment of financial resources toward the risk impacting these objectives.
Another issue that can create security vulnerabilities is that partnering groups often “fly under the security radar,” according to PwC, CSO and CIO magazines. Oftentimes, cybercriminals will leverage third-party vendors to infiltrate connected businesses. Making this even worse is the fact that many organizations don’t consider third-party security within their own protection strategies. The survey found that less than half – 44 percent – of companies currently have techniques and policies in place to vet third party partners before entering into business with them. Furthermore, only 31 percent build security provisions into their contracts.
One of the biggest risks impacting enterprise security, however, is the fact that many groups do not access their current surroundings to identify protection risks that could affect their organization. Overall, only 47 percent of companies regularly perform risk assessments, and even less – 24 percent – utilize a third party service to gain an outside perspective of their security policy.
Top cybersecurity priorities
In order to tackle additional security issues, there are a few areas that business leaders must focus more heavily on, including their mobile protection. As more employees use their personal mobile devices for work purposes, these endpoints become an increasingly attractive target for hackers and must be adequately secured. However, right now, only 31 percent of survey respondents have a mobile security strategy in place. Additionally, less than half encrypt their staff members’ mobile devices and only a little more than one third utilize mobile device management techniques.
Decision-makers must also put a higher priority on spotting suspicious behavior from company insiders and improving employee training.
“Cybersecurity incidents carried out by employees have serious impact, yet are not addressed with the same rigor as external threats like hackers,” the survey stated. “Employee vulnerabilties are well known, but businesses do not train workers in good cybersecurity hygiene.”
By bolstering efforts in these areas and improving their focus on security enhancements, organizational leaders can ease their worries about cybersecurity and be better prepared to fight off current threats.