As many as three out of four organisations are at “significant risk” of being exposed to cyber security threats as many of them digitise their business tasks, security firm RSA has warned.
In an annual study released on Wednesday, the company found that a majority of organisations surveyed lacked the capability to protect their data, identify and detect threats, recover from an attack and respond adequately to it.
The study based its findings on responses from 878 participants from 81 countries and 24 industries. The lack of preparedness would have been startling, except that last year’s study also found three-quarters of organisations were at risk.
This year, many did not have a comprehensive incident response plan. Some had ad hoc arrangements. One reason, according to RSA, is a failure to see the impact that a cyber attack can have on operations.
Many still rely on perimeter defences, the company noted, which are not enough to keep out hackers who have already infiltrated a network on the quiet.
This could be through malware that deceives users into giving over control, or through “zero-day” vulnerabilities that have not yet been publicised and patched.
Worryingly, government and energy organisations are the least prepared, RSA cautioned, with just 18 per cent of those surveyed deemed to be ready to address the risks.
The best prepared are those in the aerospace and defence industry, according to the RSA study. Thirty-nine per cent of the organisations in these sectors have systems and strategies in place to face online threats.
“We need to change the way we are thinking about security, to focus on more than just prevention – to develop a strategy that emphasises detection and response,” said RSA president Amit Yoran.
“Organisations need to set their agendas early, build comprehensive strategies and not wait for a breach to force them into action,” he added.