Cyber attacks are affecting all types of organizations, but big businesses that hold critical customer data are at the forefront of this battle. Information assurance is becoming a key concern. So what vulnerabilities remain, and how can businesses ensure their customers’ data is safe?
There isn’t any mistaking the trend; corporations are facing more cyber attacks than ever before. The sheer weight of all the personal, digital data they possess makes them prime targets, and big businesses in a variety of industries are facing clear cyber security challenges.
According to Symantec, the number of cyber attacks is on the rise, and they’re getting more sophisticated. In 2015, the firm claims there were a record-setting total of nine “mega-breaches,” and the number of exposed personal records reached 429 million. Spearphishing campaigns against employees hit 55 percent, and ransomware attacks increased by 35 percent. *
Frighteningly, Symantec claims the number of zero day vulnerabilities found in businesses more than doubled to 54, up by 125 percent from the year before.
It’s no wonder that according to a survey undertaken by CFO.com, cyber security is a top 10 business concern for 57 percent of respondents. **
As a result, information assurance is becoming a key concern for businesses hoping to protect as much of their customers’ data as possible.
What Are Big Businesses’ Top Vulnerabilities?
Larger businesses can often struggle to set clear cybersecurity strategies and implement effective responses to cyber attacks. This may be due to a lack of expertise or a shortage of skilled cybersecurity talent within the organization.
A Lack of Skills and Knowledge
According to a Frost and Sullivan study, conducted on behalf of (ISC)2, by 2020 there will be a shortfall of 1.5 million trained cyber security professionals. ***
This often translates into a lack of cybersecurity skills and knowledge at the C-suite level, potentially resulting in less visibility and investment. According to a Websense and Ponemon Institute survey, more than half of security professionals believe their organizations’ controls don’t provide protection against attacks. The survey found IT professionals said executives don’t appreciate the value of putting controls in place. ****
A Lack of Security Structure
Companies need to understand the importance of investing in both skilled talent and leading technologies. While they may possess cybersecurity talent within their ranks, if senior executives don’t heed the advice of these professionals they may not implement or invest in the best strategies and technologies.
According to global management consultant firm McKinsey, some of the biggest vulnerabilities lie in the fact that organizations don’t have the framework to make effective decisions, and that “much of the damage results from an inadequate response to a breach, rather than the breach itself." Additionally, businesses need to balance reducing risk against keeping up with business demands, with a minimal number of leaders realizing that cyber crime becomes expensive when technology investment is delayed. *****
Those organizations who want to implement an effective and holistic cybersecurity strategy will need to introduce information assurance professionals to their senior ranks. As part of this shift, these professionals will examine the vulnerabilities of an organization, how these risks can be mitigated and the best methods to protect private data.
What Vulnerabilities Are Set to Emerge?
The prolific use and capture of data is opening new vulnerabilities for businesses. According to Gartner, 6.4 billion Internet-connected devices will be in use worldwide in 2016, up 30 percent from the previous year. ******
This network of connected devices is opening new ways for cyber attacks to infiltrate both homes and businesses, making information assurance investments all the more crucial.
On the corporate side, Gartner also presents a number of growing vulnerabilities for businesses in the year ahead, including:
- Detection and response capabilities: Persistent attackers inevitably get around preventive controls, so using techniques such as machine learning, where computer programs teach themselves to develop based on new data they’re exposed to, can help reduce human error.
- Using evidence-based approaches: Businesses need to leverage evidence-based approaches to cybersecurity to ensure they continually learn from breaches and vulnerabilities.
- Reviewing risks: Many businesses, Gartner notes, don’t know what “taking a risk-based approach” means, compared to using a cybersecurity checklist.
- Adopting static security monitoring and enforcement policies: Businesses hoping to reduce cyber attacks must adopt these policies, as well as continually search for new methods using analytics and data operations.
Clearly, information assurance has become one of the most important problems facing businesses today. For those hoping to advance their career in the information assurance field, Regis University’s College of Computer and Information Sciences offers a range of information assurance degree programs.
Explore your options and discover whether a career in cybersecurity prevention could be the right fit for you. Request more information or call us at 877.820.0581 to speak to an admission counselor.
Visit our Resource Center for more details on the information assurance industry.