The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

IT Security and Privacy Survey Webinar Highlights

Scott Laliberte

Managing Director

The 2015 IT Security and Privacy Survey findings revealed a widespread lack of cybersecurity confidence among organizations surveyed. Cyberattacks are increasing in frequency and sophistication. One in three targets falls victim. If your organization is not keeping pace with the threats, then you are falling behind.

Directors take note: The most significant differentiator in an organization’s preparedness for a security breach or cyberattack is the degree to which the board is engaged in IT security and asking hard questions that management has to answer. These include:

  • Does the organization have a formal and documented IT crisis response plan?
  • Is it tested at least annually?
  • How robust is the testing – perimeter only, or more enterprise-oriented war games? Does it evaluate the efficacy of breach detection and kill chain disruption?
  • How deep is our training/knowledge?
  • What is our average time to detection of breaches and how does it compare to the industry?
  • Are we testing for social engineering attacks?

Executives beware: The cyber threat landscape is evolving faster than typical IT security measures can keep up. One of the rising threats is social engineering attacks (especially spear phishing), designed to trick high-level executives into downloading malware/spyware. Statistics show that such schemes have a success rate of over thirty percent. This rate can drop significantly with proper training, but even so, it only takes a single high-level breach to gain access to high-value, “crown jewel”-type information.

In addition to the questions listed above for board members, executives should be asking:

  • Who is responsible for IT governance – especially information security?
  • Does everybody in the organization know that?
  • How deep is our bench? If one or two key people were removed from the chain of command, would we still be able to effectively execute our crisis plan?
  • What are our “crown jewels?” What information do we have that needs to be protected?
  • How would we know if we’ve been breached?

IT leaders: Make sure you’ve got your bases covered. Recognize that the threat landscape is constantly changing. Stay up to date on data security certifications, such as ISO 27001 and PCI DSS. Make sure you have a solid, vetted IT crisis plan in place, test it regularly, communicate it to employees and train everyone in their role. Drill your team with real-life war game scenarios until you are confident that everyone knows their role and your plan will work as intended. Pull out a couple of key people and run the simulation again to ensure sustainability. Constantly ask yourself: “What are we missing?”

It is worth pointing out that most breaches go undetected for more than 6 months, and are usually discovered by a third party. This highlights the need to test detection capability, in addition to response capability.

The survey revealed a decrease in certain key IT security elements – such as policies and training – over the past three years. Although disconcerting, such dips are not uncommon as organizations transition from a rote “check-the-box” mentality to real readiness.

All signs point to an increased awareness of IT security challenges. For a more robust discussion and solid background on this issue, listen to the webinar and download the survey report.

Authors

Cal Slemp

Scott Laliberte

Scott is the Global Leader of Protiviti’s Emerging Technology Group. Scott and his team enable clients to leverage...
