More than two thirds (68%) of organisations lack the internal capabilities to protect against today’s sophisticated cyber-attacks, according to research by Symantec and Deloitte. With seven in ten IT decision makers lacking complete confidence in their company’s cyber security policies, organisations in the Middle East are underestimating the risk of cyber threats.
Over half (56%) of IT decision makers do not believe their business has suffered a cyber-attack despite Symantec’s 2014 Internet Security Threat Report suggesting otherwise. Furthermore, 62% of the survey respondents in the Middle East fail to treat corporate IP, customer, employee and financial information as completely confidential.
Simple procedures, such as installing security software, are not considered a necessity by 41% of organisations, and only a quarter of organisations see regular training of employees as a necessity. This could leave businesses wide open to the consequences associated with an attack, including loss of revenue, intellectual property, and damage to their external reputation.
With over a sixth (16%) of survey respondents having suffered cyber-attack false alarms, and with implications including a loss of connection to IT systems (87%), and a loss of data (77%), it is clear this has an impact on businesses. The survey results showed that 71% of these organisations noticed a drop in production levels and 74% saw a drop in revenue until the system was turned back on.
“Symantec’s Global Intelligence Network has identified a 91 percent increase in targeted attacks and a 62% increase in data breaches in 2013 over the previous year. Cyber criminals have stepped up their game in the past year, and businesses have not kept pace.
This latest survey demonstrates there is still a huge gap in security intelligence and understanding by IT managers on how to combat malware and cyber-attacks. Senior management needs to be more engaged and develop a strategic security approach to prevent the organisation from being exposed with a potential for significant loss,” said Bulent Teksoz, Technical Alliance Manager, Symantec.
In the Middle East, IT decision makers stated almost a third (30%) of employees in their company know how important information protection is. Despite this, 45% of IT decision makers in the Middle East rely on external influences, such as legislative changes, to drive information security policy decisions. This reactive approach could create a ‘tick box’ attitude to cyber threats, leaving the organisation more vulnerable to attack if policies are not carefully coordinated and regularly updated across each business unit within the organisation.
With cyber-attacks on the rise, nearly two thirds (63%) of IT Managers stated that third party cyber solutions are cost effective and can address the lack of knowledge and expertise with the most up-to-date technologies.
“The traditional discipline of security, isolated from a more comprehensive risk-based approach, is not enough to protect you. Through the lens of what’s most important to your organisation, you must invest in cost-justified security controls to protect your most important assets, but you must focus equal – in some cases greater – effort on gaining more insight into threats, and responding more effectively to reduce their impact,” said Fadi Mutlak, partner and cyber-security leader at Deloitte Middle East.
Best practices
Know your data
Protection must focus on the information – not the device or data centre. Understand where your sensitive data resides and where it is flowing to quantify risk and help identify the best policies and procedures to protect it.
Educate employees
Instil a culture of information protection, by providing guidance on company policies and procedures for protecting sensitive data on personal and corporate devices, and the associated risks to the business.
Implement a strong security posture
Strengthen your security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies.
Engage third parties
Experts, partners or consultants are able to supplement security intelligence and knowledge and bring business relevance to the technical insight.
*This research was commissioned by Symantec and Deloitte, and conducted by independent research firm Edelman Berland in October-November 2014. It used an online questionnaire with 200 Middle East (Saudi Arabia and UAE) IT Decision Makers (IT directors or managers) in companies with over 50 employees.