EY identifies top cybersecurity threats in 2016
TORONTO, Jan. 25, 2016 /CNW/ - Cybersecurity is a growing threat for Canadian businesses – yet according to EY's Global Information Security Survey, more than one-third (36%) of organizations still don't believe they can detect sophisticated cyber-attacks. That number is lower than last year (56%), but still a concern as the level of sophistication in attacks continues to increase. Because of this, Canadian organizations in both public and private sectors are collaborating to respond to this threat more effectively and in a timely fashion.
"With the recent increase in adoption of threat intelligence services, we are seeing businesses start to take a very different and more proactive approach to information security," says Abhay Raman, EY's Canadian Cyber Security Leader. "The future will see more persistent, multi-vector targeted attacks on operational technology environments versus mass attacks."
As organizations strive to understand cybersecurity, these are six trends to watch in 2016:
- Cyber threats from the interconnected world
Approaches to cybersecurity will need to encompass the Internet.
- Growth in digital identities
Organizations must rethink how they recognize and treat identities by establishing robust data ownership and date protection policies.
- Hyper-regulation leading to a more complicated landscape
Organizations risk becoming so focused on complying with different requirements they won't be able to develop an overall strategic and balanced approach to cybersecurity.
- Criminal marketplace will become increasingly professional
Organizations should conduct a tailored threat assessment aligned to protect their most valuable data, and establish mitigation measures around vulnerabilities for access to it.
- Traditional models for defense are no longer adequate
Leading organizations need to look for ways to proactively engage their highest risk adversaries and protect critical data assets.
- Advanced "active defense" to detect and respond to advanced cyber-attacks
By applying "active defense" techniques and leveraging security analytics, organizations will be able to shift the paradigm from reactive to proactive.
According to EY's report, Creating trust in the digital world, likely sources of cyber-attacks depend on industry:
Top priorities for
Criminal syndicates: 52%
External contractors: 43%
Business continuity/disaster recovery resilience: 59%
Data leakage/data loss prevention: 50%
Incident response capabilities: 40%
Cyber attacks to steal financial information: 21%
Data leakage/data loss prevention: 67%
Business continuity/disaster recovery: 56%
Identify and access management: 56%
Power and utilities
Outdated security information,
careless or unaware employees, malware: 20% each
Business continuity/disaster protection: 52%
Data leakage/data loss prevention: 44%
Security operations, such as anti-virus, patching, encryption: 43%
"The key to effective use of threat intelligence lies in relating it to business context quickly, or face the inevitable drowning in a sea of irrelevance," says Raman. "Companies need to consider how to filter the useful information from the useless. In other words, they need to plan for this onslaught of data before they are buried in it."
According to EY's survey, the two top information security threats are phishing (44%), and malware (43%). EY has five recommendations for businesses to protect their employees and information:
- Identify the real risks (employees, hackers etc.)
- Prioritize what matters most
- Govern and monitor performance
- Optimize investments
- Enable business performance
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
SOURCE EY (Ernst & Young)