In the past 12 months, roughly one in three targeted attacks resulted in an actual security breach, which equates to two to three effective attacks per month for the average company. Still, a majority of security executives (75 percent) surveyed are confident in their ability to protect their enterprises from cyberattacks.
That said, only slightly more than one-third (37percent) of respondents say they are confident in their ability to perform the essential activity of monitoring for breaches and only a similar number (36 percent) say the same about minimizing disruptions, according to the services firm Accenture.
In the report titled “Building Confidence: Facing the Cybersecurity Conundrum,” Accenture surveyed 2,000 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments. The survey reveals that the length of time taken to detect these security breaches often compounds the problem, as more than half of executives (51 percent) disclose that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.
Kevin Richards, managing director, Accenture Security, North America said: “Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past. There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain. It is also clear that the need for organizations to take a comprehensive end-to-end approach to digital security – one that integrates cyber defense deeply into the enterprise – has never been greater.”
Visit: www.accenture.com/cybersecurityreport.
Meanwhile Accenture has completed its acquisition of Redcore, a privately-held Australia-based consulting company that specialises in identity and access management services (IAM), plus security services for cloud, network management, public key infrastructure, cyber defence, applications and the Internet of Things.
Comment
Richard Parris, CEO of British cybersecurity company, Intercede, said: “Accenture’s report that one-third of targeted attempts to breach corporations’ cyber defences succeed is alarming, but more worrying is that 98 percent of breaches are reported by employees outside the security team. It’s the security team’s bread and butter to be able to identify and address cyber breaches as, and when, they happen – after the event is often too late as sensitive customer and company information has been leaked and shared online. Security professionals need to know who and what is trying to access their network and data in order to be able to defend against attack.
“Unfortunately too much time is still spent ‘mopping up’ after a breach in many businesses. With the continued reliance by many companies on insecure username and passwords to protect valuable data, it is an almost impossible task for the security team to keep track of who and what is accessing the network. But it doesn’t need to be this way – there are infinitely more secure identity management solutions available that will enable the CISO to know that if employee ‘X’ is logging onto the network, that it is the real employee ‘X’, and not an imposter.
“One of the big challenges in the UK is for the Government to lead by example. There are very sophisticated approaches and technologies being used by other governments around the world to make sure only authorised individuals and machines can access highly sensitive data. Phillip Hammond’s announcement that an extra £1.9bn will be invested in Britain’s cybersecurity strategy is welcome news, but the Government now needs to ensure it puts its rhetoric into action and set the standard for cyber security in the UK.”
