Anyone who’s read the key findings from The Global State of Information Security Survey 2015 by professional services network PwC, saw that the total number of cyber security incidents detected by respondents (over 9,700 security, IT, and business executives) increased an astonishing 48% compared to 2013, climbing to 42.8 million incidents in 2014.
What’s even more alarming is that these security statistics are equivalent to over 117,000 incoming cyber attacks occurring each day.
Now if any organization thinks they can dodge the bullet – more like a shotgun – they’ve got another thing coming as the expression goes.
Cyber attacks are here to stay. In fact, in its 2014 Global Risks report, the World Economic Forum rated cyber attacks among the top five risks in terms of likelihood.
It should come as no surprise then that industry experts are forecasting continued large spikes in information security threats in 2015.
Here are 10 reasons why:
- Cybercriminals are clever. They are increasingly targeting small and medium size companies as a way to get to larger organizations. While large companies have bigger volumes of valuable information, they typically have better security processes in place too. But they don’t always do a good job monitoring their partners, suppliers and supply chain. The PwC research showed a 64% jump in the number of incidents detected by medium-size organizations.
- The numbers aren't accurate anyway. Many companies are unaware of attacks (it has been suggested that as many as 71% of compromises go undetected) while others don’t report them.
- Information security still doesn’t get the respect it deserves. Research including Shred-it’s 2014 State of the Industry report shows that businesses in the U.S. and Canada are complacent about their security policy, document destruction and disposal, leadership, training, and privacy laws. The PwC survey found that global information security budgets decreased 4% compared with 2013.
- Lack of training. Just 51% of respondents provide security awareness and training, down from 60% last year.
- Lack of leadership. Only 49% of respondents have a cross-organizational team for information security.
- Insiders. Almost one-third of respondents said insider crimes are the most costly and damaging. Yet, according to the 2014 U.S. State of Cybercrime Survey many companies do not have an insider threat program in place.
- Legalities. 75% percent of respondents to the cybercrime survey do not involve the law when cyber crimes by insiders are committed. This means other organizations become vulnerable if they hire these people in the future.
- Service providers, consultants, and contractors. The percentage of incidents by current and former supply chain employees increased almost 20% in 2014. Just 54% of respondents to the PwC survey have a formal policy requiring partners to comply with privacy policies.
- Lack of talent. There have been reports of a shortage of experienced security professionals. The most skilled candidates are hired by bigger organizations.
- Connectivity. The Internet of Things is the massive network of gadgets, household appliances and personal products (think baby monitors, home thermostats, TVs, heart rate monitors) that interconnects information, operational and consumer technologies. The PwC report said increases in attacks on connected consumer devices is being seen. Many of these devices lack security safeguards.
Secure document shredding services provide an important aspect of information security. Take these additional security steps to safeguard your business.