Several organizations in India, belonging to an eclectic group of industry sectors have recorded an increase in cyber security attacks. 32% of the respondents to a survey (the State of Cyber security Part 2 from Information Systems Audit and Control Association) indicated that they had experienced a higher number of cyber-attacks than the previous year. Of the cyber security attacks, social engineering, Advanced Persistent Threats, and ransomware take away the prize for being the top 3 cyber-attacks.
The State of Cyber security Part 2 investigates the cyber threats scenario and the trends thereof. This includes collecting data points such as frequency of cyber security attacks and the types of attacks. Over on the good side, the report also takes a deep dive into the confidence in cyber security teams, patterns in cyber security awareness initiatives, and intricacies of the actual security operations being carried out as part of a business’s cyber security undertaking.
Change in volume and exploring new tactics
Although there has been an uptick in the number of cyber-attacks (1 in 3 responders stated they fell prey), there hasn’t been much of a change in the hackers’ end objectives in launching these attacks. Consequently, cyber criminals work on new methods as a mean of infiltrating systems, including social engineering, APT, ransomware, zero-day (unpatched systems), communication injections, authentication, and sensitive data exposure.
Moreover, 29% of survey report respondents claim that their business will probably experience a cyber threat in the coming years. Interestingly, the report also shows that 34% of the respondents feel companies under-report cyber security attacks. We believe it is due to the loss of ‘face’ in the business world to have undergone something like this.
On the flip side, 74% responders conduct regular cyber risk assessments at their organization, to maintain a healthy security posture and remain in regulatory compliance.
69% undertake this activity to actively prevent data loss. This is good news. It shows organizations feel the importance of taking a step back and assessing where they stand.
“With the increase in the number and rate of cyberattacks worldwide, cybersecurity professionals are facing a challenging threat landscape that requires constant vigilance,” David Samuelson, ISACA CEO, said. “These survey findings illustrate just how essential it continues to be for the global cybersecurity community to actively keep up to date with best practices and training, and ensure their teams are well staffed to detect and respond to attacks.”
Trends in cybersecurity responder teams and training
As the report data suggests, a majority of businesses prefer having a Chief Information Security Officer guiding the security practices, rather than a Chief Information Officer. Positively so, 40% of survey respondents stated that formal training in cyber security along with awareness drives have had a tremendous impact on improving their cyber security.