CYBER SECURITY CONFIDENCE UNDERMINED BY CONTRADICTING INVESTMENTS AS 39 PERCENT OF IT ORGANISATIONS EXPERIENCED MORE THAN TWO SIGNIFICANT SECURITY INCIDENTS

ForeScout Technologies has announced the publication of its 2014 Cyber Defence Maturity Report, which is currently available for download at www.forescout.com/stateofdefense. Independent research for the report was conducted by IDG Connect, and offers key insights into the nature of security issues impacting organisations; the perceived maturity of process, controls and tools applied to preempt and contain exposures; the state of confidence in security operations; and the most likely areas for future improvement and investment. Survey respondents included 1600 IT information security decision makers in organisations of more than 500 employees, and spanning five industries in the U.S. and Europe.

Key findings of the report revealed that more than 96 percent of organisations experienced a significant IT security incident in the past year. The majority of IT organisations are aware that some of their security measures are immature or ineffective, but only 33 percent have high confidence that their organisations will improve their less mature security controls. The results also show that increasing operational complexity and the threat landscape have affected security capacity, as more than 43 percent perceive problem prevention, identification, diagnosis and remediation as more challenging than two years ago. On aggregate, one in six organisations had five or more significant security incidents in the past 12 months. While confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful.

The full report and infographic can be downloaded at www.forescout.com/stateofdefense. Further regional and industry comparative differences will also be made available. Join IDG Connect and ForeScout on 31st July at 4:00 PM BST as they share research findings in a live webcast entitled “IT Cyber Defence – Progress and Denial” at www.forescout.com/sodwebcast.

Finding Highlights

The need to improve security management is evidenced by the growing number of industry and regulatory compliance frameworks specifying security measures and how sensitive information is protected both on and off-premise. Network complexity, exposure diversity and threat velocity are challenging security operations. But without a baseline, organisations don't know where they stand or where they are going. The survey, conducted and compiled by IDG Connect during May and June of 2014, illustrates the nature of security threats and the extent of defence maturity arrayed against organisations with more than 500 employees in the finance, manufacturing, healthcare, retail and education sectors in the U.S., U.K., Germany, Austria and Switzerland.

While the complete 2014 Cyber Defence Maturity Report offers more extensive data, analysis and inference, the survey highlights are:

  • One in six organisations had five or more significant incidents, and 39 percent had two or more incidents.
  • Top security incidents comprised phishing, compliance policy violations, unsanctioned device and application use, and unauthorised data access.
  • 40 percent reported that security management tasks are more challenging now than two years ago; specifically problem prevention, diagnosis, identification and remediation.
  • The most frequently cited security issues were malware and advanced threats, application and wireless security, network resource access, unsanctioned application and personal mobile device use, and data leakage.
  • Control practices indicated as relatively immature were personal mobile device usage, perimeter threats, inventory management and endpoint compliance, virtualisation security, rogue device and application security. However, only 54 percent of respondents said they were somewhat confident in the likelihood of improvement over the next 12 months.
  • Over 61 percent cited low to no confidence on network device intelligence, maintaining configuration standards and defences on devices, and ensuring virtual machine and remote devices adhere to policy.
  • The top five security technologies perceived to have the greatest interoperability value were firewalls, anti-malware, network access control (NAC), mobile device management (MDM), and advanced threat detection (ATD).

Industry and Regional Highlights 

  • Malware and APT attacks were rated as a top priority across all industries and regions, yet there appears to be a lower likelihood of investing further resources to reduce perimeter threats.
  • Significant compliance policy violations that consumed a large amount of time to recover from occurred an average of 2.6 times in the last 12 months on aggregate across all three regions, but more often in the U.S. than in the U.K. and DACH countries.
  • Finance, manufacturing and education sectors in general appear more prone to phishing attacks while the healthcare sector was more likely to experience higher than average compliance policy violations.
  • Healthcare was more concerned about data leakage monitoring issues compared to the finance, manufacturing, education and retail sectors.
  • Financial institutions were subject to more incidents caused by phishing attacks, compliance policy violations, unsanctioned application use, and data leakage, and overall found problem remediation more challenging compared to other sectors.
  • When it comes to policy definition, technical controls and mitigation capabilities, the education sector in general appears the least mature while the financial sector appears the most mature. In the U.K., the financial sector also appears to be the most mature, while the healthcare sector in particular appears to be less mature.
  • 78 percent of respondents on average cited BYOD as having an impact on GRC. While the retail sector appears to be more progressive on BYOD security, in general, European respondents cited data wiping and encryption as having a higher impact on governance, risk and compliance (GRC).

“We are pleased to sponsor the 2014 Cyber Defence Maturity Report conducted by IDG Connect. The findings provide a useful snapshot of the state of exposures, controls and investment across global regions and industries,” said Scott Gordon, chief marketing officer at ForeScout. “The independent research clearly validates the need for continuous monitoring, intelligence and mitigation capabilities which are exemplified in ForeScout’s pervasive networks security solutions.”
