Why the impact of data breaches will lead to collaboration in 2015

The impact of data breaches has been felt far and wide in 2014. This year alone saw Sony, JP Morgan Chase, European Central Bank and eBay fall victim to an attack. Large or small, every firm is faced with challenges around cyber security and how to protect its critical data. The increased dependency on technology, …

by | January 7, 2015 | NTT Com Security

The impact of data breaches has been felt far and wide in 2014. This year alone saw Sony, JP Morgan Chase, European Central Bank and eBay fall victim to an attack. Large or small, every firm is faced with challenges around cyber security and how to protect its critical data. The increased dependency on technology, combined with the evolving complexity of cyber security threats, continues to increase our vulnerability at a national, organisational and individual level.

In fact, our recent Risk:Value report, which was designed to assess the level of risk within organisations and the value that senior executives place on data security, found that 56% of businesses in the UK expect to suffer a security breach at some point. Yet, the same research revealed that less than half of all critical data is completely secure.

Whilst we know that a data breach is seen as bad for business, the attitudes to ownership and responsibility are mixed. Nearly half of UK business decision makers depend upon their IT security team to allow them to use and access work-related data safely whatever device they are using, but 34% see it as a joint responsibility between themselves and the security team. It’s clear that organisational culture needs to change, because security is everyone’s problem and everyone’s responsibility.

Incidents will no doubt rise and become more sophisticated and, left unchecked, threats will become harder to detect. In 2015, we will see momentum towards a collective responsibility for data security, and risk management will eventually earn a permanent place on the boardroom agenda. After all, security should be viewed as a shared responsibility that reaches well beyond the traditional view of it residing in a single department. 

The IT skills shortage

The challenge of security and risk management will further be compounded by the global skills gap. It’s no longer possible for many companies to tackle the growing problem in-house and it’s because there is an increasing lack of people with the right IT security skills, experience and availability to address this issue.

Evidence shows there is an ongoing recruitment challenge in the discipline of cyber security, and training and development challenges are often to blame. According to the ISACA 2014 APT Survey, 62% of organisations have not increased security training in 2014 but, on the other hand, the cost of breaches is thought to have doubled last year in the UK alone.

In addition, the Risk:Value report showed that 82% respondents understand the importance of their data yet levels of knowledge about that data, and the extent to which they are willing to commit IT budget to securing it, varies widely among senior business decision makers. Furthermore, almost a fifth think there would be no significant impact on their revenue in the event of a breach, while 28% admit they do not know what the financial implications would be.

The findings suggest that more focus could be given to prioritise resources to optimise IT security and risk management, yet we are seeing a widening gap in the number of IT security experts needed to manage the growing number of threats. Simply put, there are too many threats and not enough professionals in the industry.

The managed services solution

Whatever the reasons are for the skills shortage, businesses are faced with a growing volume of cyber attacks – and the consequences can be significant. There was a 48% year-on-year increase in the number of detected incidents in 2014, according to PwC, and the total financial losses attributed to security compromises increased by 34%.

Security and risk management are clearly important areas for any organisation but, with fewer skilled professionals, some organisations will struggle to do anything beyond keeping the lights on. The threat landscape will continually change, which means every company must consider its current risk exposure in the context of its commercial objectives.

More and more firms will therefore look towards trusted advisors to provide expertise in a collaborative way that meets their business objectives. As a result, managed and professional security services will play an increasingly prominent role across the whole organisation in 2015.

Hiring help from a third party provider enables the business to benefit from an independent assessment to help them understand its risk exposure, consider best practice, prioritise activities and articulate these at all levels of the business. It also addresses the issue around IT skills shortages. These partners take away the problem of there not being enough resource – they know how and where to find the right experts, invest in training and improving professional qualifications as well as make these experts available around the clock.

It’s worth noting, though, that businesses should take caution when thinking of working with a managed and professional security services provider. Not all are the same. Find one that is prepared to work within the business model and strategic aims – not to their own agenda. It’s about getting access to their collective global knowledge and systems, and highly experienced people. This will give the active threat management required to help mitigate risk at a time when the IT skills gap faced by businesses will be hard to fill in the foreseeable future.
 

By Stuart Reed, Global Product Marketing Director, NTT Com Security

Categories:

Resources

Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Other | Behavior detection & predictive analytics Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Gresham Technologies

Regulatory reporting: 7 Questions with Philip Flood, Gresham Technologies

Philip Flood, Business Development Director, Regulatory and STP Services, recently joined the ‘7 questions with…’ podcast with Gert Raeves of… Continue Reading

View resource
Real-time payments tech put pressure on banks

Best Practice | Behavior detection & predictive analytics Real-time payments tech put pressure on banks

Intix

Real-time payments tech put pressure on banks

The transformation to real-time has seen the market modernise, but there is a further need for banks to have the… Continue Reading

View resource
TransferGo Case Study - payments industry

Case Study | Behavior detection & predictive analytics TransferGo Case Study - payments industry

ReconArt

TransferGo Case Study - payments industry

Bank statement and Account Payables reconciliation. Seamless integration with NetSuite. TransferGo outlined two major product requirements. First – full… Continue Reading

View resource

New GFT podcast on AI

In the latest episode of our new podcast series on AI entitled ‘Artificial Intelligence, Intelligently Applied’, our host Simon Thompson… Continue Reading

View resource