RSA, the Security Division of EMC, has released data showing that organisations that invest in detection and response technologies, rather than perimeter-based solutions, are better poised to defend against cyber incidents.
The second annual RSA Cybersecurity Poverty Index, which compiles survey results from 878 respondents across 81 countries and more than 24 industries, attracted more than double the number of respondents as last year, and gave participants the chance to self-assess the maturity of their cybersecurity programs leveraging the NIST Cybersecurity Framework (CSF) as the measuring stick. The report found that, for the second year in a row, 75% of survey respondents have a significant cybersecurity risk exposure. Incident Response (IR) capabilities are particularly underdeveloped. Nearly half of organizations characterized essential IR capabilities as “ad hoc” or “non-existent”, but organizations are more likely to accelerate programs to shore up cybersecurity capabilities once they have experienced a security incident that impacted the business. The survey also showed that most organizations continue to struggle to improve cybersecurity because they don’t understand how cyber risk can impact their operations.
There has been plenty of anecdotal evidence that companies tend to delay investments in cybersecurity until they experience the pain first hand. In addition, companies which primarily rely on a perimeter defence philosophy are disadvantaged in finding malicious activity, and risk public exposure of critical business assets. The results of the RSA Cybersecurity Poverty Index solidified this concept, reporting that the organizations that detect and experience frequent security incidents are 65% more likely to have developed or advantaged capabilities. This shows that organizations that regularly deal with security incidents accelerate moves to shore up security programs and end up with more mature capabilities. Organizations must focus on executing preventative strategies and make improving this a priority over other capabilities which are growing in importance such as detection and response.
One of the most significant changes from the 2015 survey was the increase in the number of organizations with mature cybersecurity programs. The percentage of organizations reporting advantaged capabilities – the highest category – increased by more than half over the prior Index, from 4.9% to 7.4%. But organizations’ overall perception of their cybersecurity preparedness continued to lag. The number of respondents reporting significant cybersecurity risk exposure stayed steady at nearly 75%, reflecting a growing disparity between the “haves and have-nots” in security preparedness.
The survey also showed that organizations continue to struggle with their ability to take proactive steps to improve their cybersecurity and risk posture. Overall, 45% of those surveyed described their ability to catalog, assess and mitigate cyber risk as “non-existent,” or “ad hoc” and only 24% reported that they are mature in this domain. The inability to quantify their Cyber Risk Appetite (the risks they face and the potential impacts on their organizations) makes it difficult to prioritize mitigation and investment, a foundational activity for any organization looking to improve their security and risk posture.
For the second year, the survey results highlight how critical infrastructure operators, the original target audience for the CSF, need to make significant steps forward in their current levels of maturity. Government and energy organizations ranked lowest across industries in the survey, with only 18% of respondents ranking as developed or advantaged. Organizations in the aerospace and defense industry reported by far the highest level of maturity with 39% of respondents having developed or advantaged capabilities. Financial Services organizations, a sector often cited as industry-leading due to the large volume of cyberattacks it faces, placed in between with 26% rating their firms as well prepared – down from 33% `a year ago.
The reported maturity of organizations in the Americas continued to rank behind both EMEA and APJ. Organizations in EMEA reported the most mature security strategies with 29% ranked as developed or advantaged in overall maturity while only 26% of organizations in APJ and 23% of organizations in the Americas rated as developed or advantaged. EMEA overtook APJ for the top ranking, moving up 3 percentage points while APJ dropped 13 points.
To assess cybersecurity maturity, respondents self-assessed their capabilities against the CSF, which designed to provide guidance based on existing standards, guidelines and practices for reducing cyber risks, and was created through collaboration between industry and government. While the CSF was initially developed in the United States with the aim of helping to reduce cyber risks to critical infrastructure, organizations worldwide have found it to be a prioritized, flexible, repeatable and cost-effective approach for managing cyber risk. Thus, it serves as an excellent baseline to assess any organization’s core cybersecurity and cyber risk management capabilities.
Organizations rated their own capabilities in the five key functions outlined by the CSF: Identify, Protect, Detect, Respond, and Recover. Ratings used a 5-point scale, with 1 signifying that the organization had no capability in a given area, and 5 indicating that it had highly mature practices in the area.
Amit Yoran, President, RSA, The Security Division of EMC
“This second round of cybersecurity research provides tangible evidence that organizations of all sizes, in all industries and from all geographies feel unprepared for the threats they are facing. We need to change the way we are thinking about security, to focus on more than just prevention – to develop a strategy that emphasizes detection and response. Organizations need to set their agendas early, build comprehensive strategies and not wait for a breach to force them into action.”
How we use phones to avoid human contact
A recent study by Kaspersky Lab has found that 75% of people pick up their connected device to avoid conversing with another human being.
Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much-needed comfort blanket in a variety of social situations when they do not want to interact with others. A recent survey from Kaspersky Lab has confirmed this trend in behaviour after three-quarters of people (75%) admitted they use a device to pretend to be busy when they don’t want to talk to someone else, showing the importance of keeping connected devices protected under all circumstances.
Imagine you’ve arrived at a bar and you’re waiting for your date. The bar is busy, and people are chatting all around you. What do you do now? Strike up a conversation with someone you don’t know? Grab your phone from your pocket or handbag until your date arrives to keep yourself busy? Why talk to humans or even make eye-contact with someone else when you can stare at your connected device instead?
The truth is, our use of devices is making it much easier to avoid small talk or even be polite to those around us, and new Kaspersky Lab research has found that 72% of people use one when they do not know what to do in a social situation. They are also the ‘go-to’ distraction for people even when they aren’t trying to look busy or avoid someone’s eye. 46% of people admit to using a device just to kill time every day and 44% use it as a daily distraction.
In addition to just being a distraction, devices are also a lifeline to those who would rather not talk directly to another person in day-to-day situations, to complete essential tasks. In fact, nearly a third (31%) of people would prefer to carry out tasks such as ordering a taxi or finding directions to where they need to go via a website and an app, because they find it an easier experience than speaking with another person.
Whether they are helping us avoid direct contact or filling a void in our daily lives, our constant reliance on devices has become a cause for panic when they become unusable. A third (34%) of people worry that they will not be able to entertain themselves if they cannot access a connected device. 12% are even concerned that they won’t be able to pretend to be busy if their device is out of action.
Dmitry Aleshin, VP for Product Marketing, Kaspersky Lab said, “The reliance on connected devices is impacting us in more ways than we could have ever expected. There is no doubt that being connected gives us the freedom to make modern life easier, but devices are also vital to help people get through different and difficult social situations. No matter what your ‘connection crutch’ is, it is essential to make sure your device is online and available when you need it most.”
To ensure your device lifeline is always there and in top health – no matter what the reason or situation – Kaspersky Security Cloud keeps your connection safe and secure:
· I want to use my device while waiting for a friend – is it secure to access the bar’s Wi-Fi?
With Kaspersky Security Cloud, devices are protected against network threats, even if the user needs to use insecure public Wi-Fi hotspots. This is done through transferring data via an encrypted channel to ensure personal data safety, so users’ devices are protected on any connection.
· Oh no! I’m bored but my phone’s battery is getting low – what am I going to do?
Users can track their battery level thanks to a countdown of how many minutes are left until their device shuts down in the Kaspersky Security Cloud interface. There is also a wide-range of portable power supplies available to keep device batteries charged while on-the-go.
· I’ve lost my phone! How will I keep myself entertained now?
Should the unthinkable happen and you lose or have your phone stolen, Kaspersky Security Cloud can track and protect your device from data breaches, for complete peace of mind. Remote lock and locate features ensure your device remains secure until you are reunited.
Five key biometric facts
Due to their uniqueness, fingerprints are being used more and more to quickly identify and ensure the security of customers. CLAUDE LANGLEY, Regional Sales Manager, for Africa at HID Global Biometrics, outlines five facts about the technology.
How many times in a day are you expected to identify yourself? From when you arrive at work you are required to sign in, visiting your bank, receiving healthcare services… The list is endless. When a system knows who you are, you are able to do any number common, everyday activities. Your identity is unique and precious. It is also easily stolen and the target of many hackers across the globe. Technology is constantly evolving alongside the criminal element, always looking for ways to protect data and identity. One such solution happens to be biometrics and it is rapidly gaining traction in our increasingly complex modern world.
Reliable, secure and fundamentally YOU, unique biometric traits such as fingerprints are being used by banks, enterprises and consumers to verify identity. Biometric solutions offer significant identity protection because they use unique biological details to ensure an account is only accessed by the account holder, a door only opened by the owner. Here are five things that are little known about this technology…
- The uncut identity. Your fingerprint is unique to you. Nobody can use a copy of it to impersonate you. Good technology is capable of scanning down into the layers of the fingertip to differentiate unique elements of a person’s fingerprint, this data is then encrypted and used as a key to unlocking whichever physical or virtual door that the biometric system protects.
- The living proof. No, there is nothing to the stories of fingerprints being used without their owner’s knowledge or permission. Biometric solutions can use specific variables to determine if the finger used to access the system is that of a present, living person. A copy or a fake cannot be used to access a cutting-edge biometric solution.
- Easy and convenient. Queues and documents and paperwork may well be a thing of the past should biometrics take a firmer grip of government and banking systems. The process of registering is easy, and access to identity documents and records is yours alone.
- Security blanket. A thousand passwords and a hundred post-it notes stuck on walls and drawers. An excel file with a list of sites and applications and their corresponding passwords, all a thing of the past. Nobody needs to remember their password with biometrics, they only need to show up.
- Anywhere is cool. Schools, airports, networks, offices, homes, toilets, banks, libraries, governments, border controls, immigration services, call centres, hospitals and even clubs and pubs – knowing “who” matters and biometrics can quickly and conveniently confirm your identity where needed.