Research conducted by BSI’s Cybersecurity and Information Resilience centre of excellence has revealed that one in six European organizations are unprepared for a data breach. The research carried out for Cybersecurity Awareness month also highlighted that 39 per cent of organizations has experienced a data breach in the last 12 months. Three key areas were highlighted in the research:
Counteracting the cyber threat
Preparation is vital when it comes to counteracting the cyber threat and awareness training and ongoing testing are crucial steps for organizations. While 73 per cent of organizations who responded to the BSI research said that they were concerned about cybersecurity and were seeking solutions, alarmingly one in six organizations highlighted that they had no plan in place. When asked if their organization was undertaking cybersecurity testing, over a third stated that they weren’t, however, 59 per cent revealed that they were engaging in end-user security awareness programmes.
Rise in data breaches and cyber attacks
The BSI research highlighted that data breaches have been experienced by 39 per cent of organizations. This is concerning, considering the global ISACA State of Cybersecurity 2018 Report which revealed that 50 per cent has experienced an increase in the number of cyber attacks compared to last year. Data processing is a focus area this year with the introduction of the GDPR, with 45 per cent of organizations stating that they had a good understanding of their data landscape since it was implemented on 25 May. 68 per cent of the respondents, with the increased knowledge in place, had conducted a high-level IT risk assessment in their organization, with one in five having a documented and tested Incident Response Plan (IRP) in place.
Pitfalls in the migration of data
Cloud migration and cloud security have continued to grow and evolve this year, however, there are pitfalls to be aware of as part of an organizations cloud migration journey. Shadow IT** remains a key concern for businesses with 68 per cent of respondents stating data loss as the main threat, followed by unauthorized applications (15 per cent) and unauthorized devices (9 per cent) as well as data residency (8 per cent). 45 per cent of organizations have engaged with additional security controls based on the requirements of their cloud systems.
Commenting on the research, Stephen O’Boyle, Global Head of Cybersecurity and Information Resilience Services at BSI, said: “Training and education are essential when it comes to achieving information resilience and it’s reassuring to see that organizations are actively implementing awareness programmes in the workplace. However, being proactive about cybersecurity is a company’s best defence and it is unfortunate to see that one in six organizations are unprepared for a breach and that over a third of companies aren’t’ partaking in testing within their organization.”
“The increase in imminent malware threats, the importance of complying with new data protection regulations, the treatment of Shadow IT, and the advances in social engineering have been at the forefront this year. At BSI we work with companies to implement tailored plans that incorporate training at all levels of an organization, from senior executives to junior employees, as well as cybersecurity testing services to identify and address any weaknesses. The cyber landscape is evolving, and organizations need to ensure that they are prepared so that they can remain resilient in protecting their information, people and reputation, both now and, in the future.” concluded Stephen.
For more information visit bsigroup.com/cyber-ie.