Nearly half of Irish organisations unprepared for cyberattack
27 November 2014 | 0
Almost half of Irish organisations (47%) are not only unlikely to be able to detect a sophisticated cyberattack, a new survey has found that they are also unlikely to have the skills budget, skills or agility to deal with them.
According to the 2014 Ernst and Young (EY) Global Information Survey, while there is greater awareness of the prevalence of such threats, among Irish as well as other organisations globally, findings indicate that companies lack the agility, budget and skills to mitigate known vulnerabilities and successfully prepare for and address cyberattacks.
The survey was carried out among 1,825 organisations in 60 countries, including Ireland.
Although the vast majority (82%) of Irish respondents reported that security spending will increase somewhat over the next 12 months, worryingly, despite the expected increases in spend, more than half of Irish respondents still cite budget as their main obstacle to their cyber security programme.
Despite the expected increases in spend, more than half of Irish respondents still cite budget as their main obstacle to their cyber security programme
The findings echo several indigenous findings, such as those presented recently at IRISSCon, which showed that Irish organisations are still failing on the basics of information security, even in the face of ever increasing targeted and sophisticated attacks.
“Organisations now acknowledge that outright prevention of sophisticated cyberattacks is unrealistic and that only half of respondents are confident of detecting attacks,” said Hugh Callaghan, EMEIA Financial Services Advisory director, EY. “Enhancing the monitoring required to detect attacks and enable rapid response will require significant investment in a security operations centre capability, which is not widely reflected in short term budget expectations. This means that vulnerability to cyberattacks will continue and security functions will struggle in fully meeting the needs of the business.”
While external threats remain a constant in the survey, another common feature is the insider threat, whether malicious or not. This year’s survey has shown that nearly three quarters (71%) of Irish organisations regard their leading internal weakness as careless or unaware employees. This is often symptomatic of poor user awareness and a failure of IT to engage through education.
The survey said that the top two external threats cited by respondents were cyberattacks aimed at stealing financial information and malware threats (41% each). Recent media reports of sophisticated malware would appear to validate this view.
Organisations need to do a better job of anticipating attacks in an environment where it is no longer possible to prevent all cyber breaches, the survey found, and where threats come from ever more resourceful and well-funded sources.
Half (50%) of Irish organisations say that a lack of skilled resources is one of the main obstacles challenging their information security programme and only 6% of respondents have a threat intelligence team with dedicated analysts.
“The purpose of threat intelligence is to understand the threats specific to your organisation and inform rapid decision-making. This includes understanding ‘who’ and ‘what’ that is targeting you and your industry peers in order to anticipate attacks before they occur and to inform your prevention, monitoring and response activities” said Callaghan.
“Ireland continues to enjoy its international reputation as ‘the Silicon Valley of Europe’,” said Callaghan. “However, the results of the survey indicate that while they have come a long way, Irish organisations need to further educate themselves on the realities of cybercrime in order for Ireland to maintain its competitive edge as a leader in technology and digital services. Success in the digital economy is founded on trust and cyber security breaches can severely damage that trust. Ireland needs to be regarded as a safe place to do business online.