KuppingerCole’s Top Cyber Threats - How to protect your Business
April 2015 by KuppingerCole
Cyber threats are leaving even large and well-established businesses exposed to significant business risks, such as damage to brand and reputation, and massive financial losses and fines. KuppingerCole recently published an Advisory Note authored by Amar Singh, Senior Analyst at KuppingerCole, which discusses the most critical threats and tactical countermeasures that can help organizations understand and counter these threats.
Businesses operating in cyber space are finding it increasingly challenging to protect their brand reputation and avoid the business impact of cyber-attacks. While the total global spending on information security in 2014 surpassed $75 billion, the total cost of digital crime and theft of intellectual property reached $445 billion. According to the Centre for Strategic and International Studies (CSIS), this covers the cost for protecting both organizations and individuals, which are facing various cyber security threats, notably cyber-crime and online industrial espionage.
It would not be an exaggeration to say that the next five years will see every organization, small and large, undergoing considerable digital transformation and in consequence becoming increasingly dependent on cyber space. “It is reasonably safe to predict that in 2015 and beyond we will likely see more complex and larger scale attacks, like that on Sony Pictures Entertainment, with greater impact on the bottom line for businesses”, says analyst Amar Singh.
The World Economic Forum shares the same opinion as Singh and has listed cyber-attacks in their 2015 “Ten Global Risks” in terms of likelihood.
To deal successfully with the increasing threats in cyber space, KuppingerCole advises organizations to:
• Adopt a business-focused strategic approach to information security, relating cyber-risks to their business impact;
• Understand the business-specific threats and the types of attackers along with their motivations;
• Consider information security a separate core business function, not simply a part of IT;
• As a minimum, adopt and align information security practices with a recognized international standard;
• Focus more on monitoring and response technologies and processes for rapid identification and response to attacks.
In addition, according to Amar Singh, there are tactical countermeasures that an organization can quickly implement, starting with identifying cyber risks and explaining these to the executive management and the board. This is part of adopting a risk-based tactical approach to implementing technical and process-based security controls. “Whatever the business requirements are, information security must become a business imperative and board issue for every business, small or large”, says Singh.
According to KuppingerCole, a security strategy that is part of the overall business strategy and that supports the business objectives is fundamental to ensuring an organization’s long-term ability to monitor for, respond to, and prevent cyber-attacks.
“Where in the past cyber-attacks generally affected virtual systems like websites and software systems, the attacks nowadays have significant impact on the physical world - real world destruction and real impact on ways of working”, explains Singh.
Amar Singh’s advisory note catalogues the latest cyber threats facing organizations in 2015 and beyond. However, in order to better understand the nature of threats, the note also examines the types of attackers and their motivations to attack and offers some insight into why such attacks take place.