A breach will happen: Deloitte Cyber Security SurveyDOWNLOAD
15 February 2013: The world’s largest Technology, Media and Telecommunications (TMT) companies are shifting their focus on cyber security from one of compliance, to one where cyber resilience is becoming a top business priority, according to the Deloitte TMT Global Security Study.
The survey of 121 global TMT companies found their top security focus for 2013 will be to develop a robust information security strategy to manage their increasingly complex and hyper-connected environments.
“Cyber risk is a top technology priority for TMT businesses here and around the world,” Tommy Viljoen National Security and Resilience Lead at Deloitte Australia said.
He said: “The proliferation of third party networks has weakened defence systems, and more than half (59%) of the organisations surveyed acknowledged a security breach in the last year. In addition, less than half of the respondents reported having a plan in place to address a security breach.”
Confident, but under-prepared
The Deloitte Survey found that businesses are underestimating how well prepared they are to prevent cyber-attacks, with 88% of participants not seeing their company as vulnerable. With more than 60% of the participants in this sixth annual worldwide study rating their ability to mitigate newly developed threats as ‘average’ or ‘high’.
“Given the knowledge that most passwords can be cracked in five hours, we are seeing a shift towards multi-factor authentication such as a logon and a text code. This supports one of Deloitte’s predictions for TMT companies globally in 2013 - the end of the strong ‘password-only’ security environment,” Deloitte Technology Risk Leader, Dean Kingsley said.
Viljoen added: “The reality is that no organisation is 100% safe from a security breach. Businesses need to assume a breach will happen and prepare accordingly. The business focus needs to shift from pure prevention to detection and response planning, with the goal of creating a resilient organisation that can bounce back quickly from attacks.”
Lack of security awareness, complex 3rd party networks, and mobile devices biggest threats
Innovations in technology and how people use that technology were seen as the biggest security threat. More than three quarters (78%) of the respondents rated security breaches at third parties as one of their top three threats. As businesses become more reliant on third parties in their efforts to improve efficiencies (and as third parties develop their own downstream service networks and increasingly rely on the cloud), TMT organisations are concerned that their data is and will be shared and exposed in ways they cannot control.
“In order to effectively counter cyber risks, companies need to move beyond pure contractual arrangements with their suppliers and other third parties, such as government, and be more willing to collaborate and co-operate to reduce the weaker links,” Kingsley said. “Only 30% of the participants believe third-parties are shouldering enough responsibility for cyber security.”
Kingsley added that the mobile and bring your own device (BYOD) trends continue to challenge security teams, with 74% of participants in the Deloitte Survey ranking it as their second biggest security risk. Despite this, only half of the respondents (52%) indicated they have specific policies for mobile devices in place, and 10% do not address BYOD risks at all.
He said: “Seventy per cent of survey respondents also listed their employees’ lack of security awareness as an ‘average’ or ‘high’ vulnerability.” The study found that TMT companies are working to improve awareness, with 44% offering general security-related training to their employees.
According to the surveyed organisations, network-related protective technologies (such as firewalls and network zones) are by far the most effective methods. Security compliance tools are considered the least effective.
Hacktivism is referenced in the survey for the first time, with 63% of participants rating it as a major concern. This combines social or political activism with hacking and seeking to block access to a company’s online operations through a denial of service (DOS) attack.
“This vulnerability to hacktivism reflects that cyber-attacks can now come from anywhere, and be prompted by perceived controversial business practices and decisions, often highlighted through social media,” Viljoen pointed out.
Recognising the very real threat of hacktivism, TMT organisations are starting to gather intelligence relating to it and other types of cyber-crime incidents. More than half of the participants in the survey collect general information and almost 40% collect information about attacks specifically targeting their organisation, industry, brand or customers.
About the Deloitte TMT Global Security Study
The Deloitte TMT Global Security study is developed based on the results of interviews with security executives of 121 TMT organizations from 38 different countries representing every geographic region. The study surveyed participants from all three TMT sectors and with respondents spanning the full range of revenue categories.
The Deloitte TMT Global Security Study is available on the Deloitte website www.deloitte.com/au/tmtsecuritysurvey
NB: See our media releases and research at www.deloitte.com.au
Follow us – @DeloitteNewsAU