Anyone who’s read the key findings from The Global State of Information Security Survey 2015 by professional services network PwC, saw that the total number of cyber security incidents detected by respondents (over 9,700 security, IT, and business executives) increased an astonishing 48% compared to 2013, climbing to 42.8 million incidents in 2014.
What’s even more alarming is that these security statistics are equivalent to over 117,000 incoming cyber attacks occurring each day.
If any organisation thinks they can dodge the bullet – more like a guided missile – they’ve got another thing coming.
Cyber attacks are here to stay. In fact, in its 2014 Global Risks report, the World Economic Forum rated cyber attacks among the top five risks in terms of likelihood.
It should come as no surprise then that industry experts are forecasting continued large spikes in information security threats throughout this year.
Here are 10 reasons why:
- Cyber criminals are clever. They are increasingly targeting small and medium sized companies as a way to get to larger organisations. While large companies have bigger volumes of valuable information, they typically have better security processes in place too. But they don’t always do a good job monitoring their partners, suppliers and supply chain. The PwC research showed a 64% spike in the number of incidents detected by medium-sized organisations.
- The numbers aren't accurate anyway. Many companies are unaware of attacks (it has been suggested that as many as 71% of compromises go undetected), while others don’t report them.
- Information security still doesn’t get the respect it deserves. Research, including Shred-it’s 2014 State of the Industry report, shows that businesses in the UK are complacent about their security policy, data destruction and data protection laws. The PwC survey found that global information security budgets decreased 4% compared with 2013.
- Lack of training. Just 51% of respondents provide security awareness and training, down from 60% last year.
- Lack of leadership. Only 49% of respondents have a cross-organisational team dedicated to information security.
- Insiders. Almost one-third of respondents said insider crimes are the most costly and damaging, yet many companies do not have a programme in place to deal with insider security threats.
- Legalities. 75% of respondents to the cyber crime survey do not involve the law when cyber crimes are committed by insiders. This means other organisations become vulnerable if they employ these people in the future.
- Service providers, consultants, and contractors. The percentage of incidents by current and former supply chain employees increased almost 20% in 2014. Just 54% of respondents to the PwC survey have a formal policy requiring partners to comply with privacy policies.
- Lack of talent. There have been reports of a shortage of experienced security professionals. The most skilled candidates are hired by bigger organisations.
- Connectivity. The Internet of Things is the massive network of gadgets, household appliances and personal products (think baby monitors, home thermostats, TVs, heart rate monitors) that interconnects information, operational and consumer technologies. The PwC report said increases in attacks on connected consumer devices are being seen. Many of these devices lack security safeguards.
It's important to remember that whilst cyber security threats are clearly increasing and, as a result, gaining significant media coverage, security of physical documents and data shouldn't be overlooked. Secure confidential shredding services provide an important aspect of information security. Take these additional security steps to safeguard your business.