[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
And so, now the news
* World Bank: Well-regulated FinTech boosts inclusion, fights cyber crime
* FERC Federal Energy Regulatory Commission: Issues Final Rule Directing NERC to Develop a New or Modified Reliability Standard For Supply Chain Risk Management
* 7 information security trends currently dominating the market
* 49,455 cyber crime incidents, just 302 convictions [India – Infographic]
* Cyber crime makes up 51% of fraud in England and Wales
* Cybersecurity: A vertical industry application?
* 3 ways phishing destroys marketing ROI
* When should push come to shove over cybersecurity?
* Here’s what your personal data is going for on the dark web
* Tools & Training To ‘Hack Yourself’ Into Better Security
* Location, location, location: Does it really matter where your data is stored?
* Digital trust could be the key to ensure personal health data
* Why IT Service Desk Should be your First Line of Defence
* Data security and breach notification in China
* Data security and breach notification in Hong Kong
* NASA Taps Former Microsoft Director as IT Security Chief
World Bank: Well-regulated FinTech boosts inclusion, fights cyber crime
FINANCIAL technology — or FinTech — is changing the financial sector on a global scale.
It is also enabling the expansion of financial services to low-income families who have been unable to afford or access them.
The possibilities and impact are vast, as is the potential to improve lives in developing countries.
The financial sector is beginning to operate differently; there are new ways to collect, process, and use information, which is the main currency in this sector.
A completely new set of players is entering the business.
All areas of finance — including payments and infrastructure, consumer and SME credit, and insurance — are thus changing.
With FinTech, regulators must adapt to the fast-changing landscape and to a new class of entrants, while ensuring a level playing field, protecting consumers and privacy, and guarding against money laundering and the financing of terrorism.
New questions arise, such as whether encrypted money transactions would promote financial inclusion while aiding anti-money laundering activities by reducing cash transactions and allowing greater traceability.
Mexico’s approach, of making the information required from account holders proportional to the size and frequency of their transactions, has proved an efficient way to supervise the financial system while keeping transaction costs low for low-risk clients.
This new risk landscape requires new ways of thinking about regulation and financial supervision.
This is particularly true with respect to cybersecurity risks, where banks and regulators have to depart from traditional supervision processes.
The combination of supervisory functions with technology is also key to increasing the detection of illicit money flows, fraud and theft.
The imminent need to regulate FinTech effectively, as well as apply regulatory knowledge in new ways, is a stimulating challenge taken up by national and international institutions, often with the private sector.
The technological changes we’re seeing, together with regulatory support, will help accelerate billions more people to access finance to make their lives better and start tapping the benefits of development.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f160aabb3e&e=20056c7556
FERC Federal Energy Regulatory Commission: Issues Final Rule Directing NERC to Develop a New or Modified Reliability Standard For Supply Chain Risk Management
North American Electric Reliability Corporation to develop a new or modified Reliability Standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.
The new or modified Reliability Standard is intended to mitigate the risk of a cybersecurity incident affecting the reliable operation of the Bulk-Power System.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c7d890ffe1&e=20056c7556
7 information security trends currently dominating the market
If you’re concerned about your company’s information security, you may be interested in learning about these seven different information security trends that are currently dominating the market.
1) Legislation and Information
This is an ongoing discussion in the information security industry, and so far, there has been no clear indication of how legislation, which is often trying to put rules on past situations, can keep up with the always-changing world of data security.
2) Big Data will result in Big Problems
Business owners need to question the validity of their data, their code, and all other information to make certain that the information they’re using is correct and current.
3) The Cloud
You should have full visibility of your data, including knowing where it’s physically being stored, what the provider’s security system is, and how they address vulnerabilities.
4) Ransomware
Either way, IT departments and data security companies have to step up to deal with this type of threat.
One way they are doing so is by using real-time network intrusion protection to see what unauthorized accounts are logged into the system and removing their access before they can do any damage.
5) Phishing
Many cyber-terrorists prefer phishing because it’s much easier than creating a virus or malware.
6) Known System Vulnerabilities
Make certain your systems have been fully patched and that you replace security systems that have known security issues and no available fixes for them.
7) The Internet of Things
All of these new internet-connected devices will have to have some kind of security in place to prevent unauthorized access.
Unfortunately, with so many new entry points to your system, it can be all but impossible to monitor every single one of them.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=59b54c38e1&e=20056c7556
49,455 cyber crime incidents, just 302 convictions [India – Infographic]
While there has been a steady increase in the number of cases registered to curb cyber crime, convictions are still slow.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1a55b06e60&e=20056c7556
Cyber crime makes up 51% of fraud in England and Wales
Of an estimated 3.8 million incidences of fraud in England and Wales over the year to end-March 2016, 1.9 million or 51 percent were cyber-related, affecting one in ten adults, according to experimental statistics published by the UK Office of National Statistics (ONS).
This is the first time the ONS has published official estimates of fraud and computer misuse, and the independent statistics body claims the new questions, which were added to the Crime Survey in October 2015, represent a world first.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e1efbd0deb&e=20056c7556
Cybersecurity: A vertical industry application?
Cybersecurity has always been a horizontal technology practice that’s roughly the same across all industry sectors.
Yes, some industries have different regulations, use cases or business processes that demand specific security controls, but overall every company needs things like firewalls, IDS/IPS, threat management gateways and antivirus software regardless.
Generic security requirements will remain forever, but I see a burgeoning trend transforming cybersecurity from a set of horizontal technologies to a vertical industry application.
These drivers include:
* Increasing business focus on cybersecurity
* CISO progression
* Advancing regulations
* Industry-focused threats
* IoT
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5e1fb85b55&e=20056c7556
3 ways phishing destroys marketing ROI
Marketers rely on key performance indicators (KPIs) to prove their value to the business.
And email is a key driver of those metrics, generating more leads, conversions and revenue than any other distribution channel.
Unfortunately, the most valuable marketing channel is also the least secure.
In the first quarter of 2016, the Anti-Phishing Working Group (APWG) observed more phishing attacks than at any other time in history.
And this trend has big consequences.
Below, we explore three ways phishing destroys your marketing ROI — and what you can do about it.
1) Phishing destroys brand trust
2) Phishing reduces email marketing performance
3) Phishing erodes email marketing revenue
The reality is, no matter how sophisticated email authentication protocols become, some bad email will always reach the inbox.
Educating customers is a great way to mitigate the impact of those fraudulent messages.
Create a customer education portal, or remind customers that you’ll never ask them for certain information over email.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1d84986009&e=20056c7556
When should push come to shove over cybersecurity?
So how can business respond to their slick phishing emails and social engineering ruses?
One school of thought within cybersecurity circles argues for an aggressive stance, urging companies to force their employees to regularly change their passwords.
They argue that letting passwords go stale only raises the odds that hackers, given more opportunity to guess the right combination, will eventually hit pay dirt.
FTC Chief Technologist—and Carnegie Mellon computer science professor—Lorrie Cranor, argued recently that it’s time to rethink mandatory password changes.
She noted that when organizations force employees to frequently change their passwords, people “tended to create passwords that followed predictable patterns.”
In the end, however, the onus falls on the backend systems.
It’s up to the organization to equip administrators with tools to monitor the network for anomalies, which might suggest someone has attempted to access a legitimate user account.
With a window into the system, security monitors can discern the last time that users logged in to determine whether they are responsible for failed attempts at logging in.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=82cb45f97e&e=20056c7556
Here’s what your personal data is going for on the dark web
Here is what security software company Trend Micro claims this type of data is commanding today:
Credit card credentials: $15-$22
Spotify account: $2.75
Hulu account: $2.75
Netflix account: $1–$3
NOAA.gov account (FTP or SFTP access): $476
USPS.gov account (FTP or SFTP access): $680
CDC.gov account (FTP or SFTP access): $340
Western Union account: $6.80
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=610e106211&e=20056c7556
Tools & Training To ‘Hack Yourself’ Into Better Security
If you can implement a “hack-yourself” program effectively, you can improve the effectiveness of your defense-in-depth strategies by having a blue team capable of carrying out red team exercises to gain a better awareness of how attackers might approach certain network vulnerabilities.
When your network is under attack, your most valuable asset is time.
The faster you understand you’re being attacked and the quicker you understand what’s happening, the faster you can identify where the attackers are and what they’re doing.
Responding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven’t yet achieved.
The first step in improving preparation is theoretical training in the latest tools, techniques and procedures.
Cybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conference can provide the higher-level, theoretical learning to get your security team moving toward proper awareness and preparation.
The next step is to introduce red team exercises.
Red team exercises with third-party consultants can help large enterprises spot critical vulnerabilities in their networks.
However, many companies rely on these red team exercises to the point that they don’t maintain the proper level of internal cybersecurity awareness.
External red team exercises offer a level of expertise that most organizations don’t have internally.
But there is also real value in implementing a “hack-yourself” program to build your security posture from the inside — and arm your blue team with the necessary skills to think like the red team and improve your security posture.
One way to ensure your security team has the proper training to carry out an advanced “hack-yourself” program is to invest in the Cyber Guardians program from the SANS Institute.
The Cyber Guardians program consists of four core courses and corresponding certificates.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ffc116efea&e=20056c7556
Location, location, location: Does it really matter where your data is stored?
According to a recent study conducted by Red Brick Research on behalf of Volta Data Centres, 87 per cent of UK consumers would feel more confident if they knew their data was stored in the UK.
The survey clearly indicates that customers care about where their data is stored.
Despite clear concerns regarding companies’ data policies, the majority of consumers are still unaware of how their personal data is stored – 81 per cent fail to check how a company stores their personal data or for how long that data is held.
This is in stark contrast to the 49 per cent that actively check the security status of the website.
72 per cent are specifically more confident about data being stored in London compared to other cities.
The primary concern is privacy laws – with 69 per cent admitting they would worry if they knew that their personal information was being held in countries that had different data protection laws to the UK.
Of these, 44 per cent would be most worried about their personal data if stored in Africa, followed by Asia (18 per cent) and Eastern Europe (17 per cent).
In addition, 67 per cent would worry if they knew that their personal information was being held in countries that had different security requirements to the UK.
The good news for businesses is that this level of awareness is driving demands for more information about a company’s data storage policies – and the younger generation is even more likely to be swayed by an organisation’s data location strategy. 72 per cent of 25 to 54 year olds confirm they would have more trust in an organisation that provided information about where it stored data – this rises to 87.8 per cent of 18 to 24 year olds.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=03ffbabc9d&e=20056c7556
Digital trust could be the key to ensure personal health data
Rachel Delphin, Tanium’s new head of product communications, joined the company from Twitter and joined us to discuss why the ‘broken system’ of cybersecurity lured her in, and why education is key to stopping threats.
So who is Tanium’s audience?
There are the obvious audiences, the people who cover engineering and innovation, and of course it’s people who will become customers of Tanium.
But it’s also engaged citizens and the companies they trust to keep their information.
You came from Twitter (NYSE: TWTR), itself an influential platform that’s also had its share of product challenges.
What did you take away from that experience?
Product communications, generally speaking, is launching new products and features and communicating that to end audiences.
Here, the audience is different and obviously the products are different.
How would you describe that goal at Tanium?
It’s very much about the need to educate people on the state of the industry: that the system is broken, and the tools we’re using are out of date.
The transition into the era of electronic health records and health wearables has resulted in a plethora of electronic patient information including dates of birth, home addresses, social security records, insurance details and medical data.
This data is highly desirable on the black market.
But there are ways to prevent the risk for fraud.
I recently spoke to Brian Kalis, managing director of digital health at Accenture, to learn more.
Kalis and many others place great credence in the notion of “digital trust,” a combination of cybersecurity, privacy and “data ethics.” It extends beyond the notion of data security to an ethical viewpoint about “the handling, control and providence of data. about making sure data is accurate and handled effectively.
Digital ethics expands data security beyond pure safety to the decisions and actions you take to ensure that you are using that information responsibly for the people you serve as a steward of that information.”
“What we’re seeing is the raising of security up to the board level, executive level response, so a lot of the ways of protecting it start with the leadership and overall aspect of making security of data a priority and then extend this philosophy to all the employees in practice.
Then companies can move into more advanced ways of protecting the information internally, whether through using advanced analytics to detect both internal threats or misuses of information or external threats coming in.”
Kalis also believes the blockchain can be part of the solution, as it shifts the model from centralized control to decentralized power that’s ultimately controlled by the individual.
He cites the example of Estonia where blockchain technology is utilized to secure over a million healthcare records.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d93ad6d880&e=20056c7556
Why IT Service Desk Should be your First Line of Defence
The best defense against cyber-crime is knowledge, namely, knowing exactly what is going on inside an organization’s network.
That’s why the IT Service Desk plays such a crucial role in identifying strange behaviors and meaningful trends.
After all, if a number of users’ PCs are running slowly, or a business application is frequently crashing, it could easily be a symptom of a wider cyber-attack.
Yet, users are unlikely to go running straight to the IT security department.
For this reason, the Service Desk is best placed to notice if any trends begin to appear which could warrant further investigation.
There are several measures that organizations can take to equip their Service Desk against cyber-crime.
Automated patching should proactively manage operating systems and application vulnerabilities and endpoint protections should ensure that only authorized applications run.
Taking the time to arm your Service Desk with these sorts of defenses will result in efficiency and, consequently, a well-secured operating system that blocks the majority of incoming threats.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7f1c3ebb40&e=20056c7556
Data security and breach notification in China
Article 13 of the Provisions on Protecting the Personal Information of Telecommunications and Internet Users imposes the following security requirements on telecommunications operators and internet service providers
The Provisions on Protecting the Personal Information of Telecommunications and Internet Users also require that telecommunications operators and internet service providers provide staff members with training in the relevant skills and responsibilities relating to the protection of personal information.
They must also conduct at least one self-audit of their data protection measures, record the results and promptly eliminate any security risks discovered during the audit.
There are no national-level requirements regarding notification of breaches.
However, under certain local consumer protection regulations, such as those in Shanghai, security breaches must be reported to the data subjects.
In the telecommunications and internet sector, if personal information is disclosed or may potentially be disclosed, service providers must take remedial measures immediately.
If the incident has or may have serious consequences, the service provider must report it immediately to the relevant telecommunications administrations and cooperate in the investigation carried out by the telecommunications administrations pursuant to the Provisions on Protecting the Personal Information of Telecommunications and Internet Users.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a3c2a2ee8c&e=20056c7556
Data security and breach notification in Hong Kong
Data users must take all practicable steps to ensure that personal data held by them is protected against unauthorised or accidental access, processing, deletion, loss or use.
If any personal data is transferred to a data processor, the data user must adopt contractual or other means to ensure that the data processor protects the personal data from any unauthorised or accidental access, processing, deletion, loss or use.
While there is no statutory requirement to do so, voluntary notification is generally recommended by the privacy commissioner.
Industry-specific regulators may also require companies in such regulated industries (eg, financial institutions) to notify individuals of any unauthorised access, use or loss of their personal data.
While there is no statutory requirement to do so, voluntary notification is generally recommended by the privacy commissioner.
Industry-specific regulators may also require companies in such regulated industries (eg, financial institutions) to notify them in the event of any unauthorised access, use or loss of personal data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2b7467089b&e=20056c7556
NASA Taps Former Microsoft Director as IT Security Chief
The National Aeronautics and Space Administration has named a former Microsoft Corp. director as its associate chief information officer for IT security, the federal space agency said this week.
Jeanette Hanna-Ruiz, who for the past three and a half years led teams at Microsoft’s consulting services business, takes over the post early next month, the agency said.
Ms. Hanna-Ruiz, who was also named as a senior agency information security official, has more than 20 years of experience in cybersecurity, at both public and private sector organizations, according to her LinkedIn profile.
At Microsoft, she led the company’s identity management team and was its “public sector civilian” lead for cybersecurity, among other roles, the agency said.
Prior to that, she was a director of cyber forensics and information assurance at Computer Sciences Corp., from March 2011 until December 2012.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4a7e2ee2a4&e=20056c7556
* Best practices in cyber vulnerability assessment
* Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
* Will Faster Payments Mean Faster Fraud?
* Accenture : Data theft, malware infection big threat to digital businesses
* Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks
* 2016 Malware Levels Now Stand at Nearly Four Times 2015 Totals
* Twitter Hacking and Social Media’s Risk to Executive Security
* Beyond Data: Why CISOs Must Pay Attention To Physical Security
* $2.7 Million HIPAA Penalty for Two Smaller Breaches
* Using compliance as a tool for change
* In the Breach War, File Protection Is Just as Important as Data
* Data security and breach notification in Finland
* ISO compliance in the cloud: Why should you care, and what do you need to know?
* Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations
* Breach notification reporting can be complicated without proper skills, tools
* Banks must do better on cyber security: KPMG
* Australia gets one-quarter of a minister for national infosec
* The Case for Continuous Security Monitoring
* Arbor Networks Releases Global DDoS Attack Data for 1H 2016
* 5 Best Practices for Outsourcing Cybersecurity
* Most CISOs and CIOs need better resources to mitigate threats
Best practices in cyber vulnerability assessment
Here are the best practices for cyber vulnerability assessment.
First and foremost you should have a very clear understanding of why you need a cyber vulnerability assessment.
Research other companies in your industry.
To know exactly which parts of your business structure need an assessment, you need to research your company’s processes with a focus on the systems that are critical to keeping your business running.
Once you’ve identified the systems that need an assessment, you should rank them according to both their importance to your overall business model and to the sensitivity of the information they contain.
Now that you know exactly which systems and software need an assessment and how they rank in terms of priority, you should make sure you’re aware of the security systems you already have in place.
If you’ve completely mapped out both your vulnerabilities and your already-in-place security, and your inter-departmental security task force is in agreement on what’s needed, you’re ready to perform your vulnerability scans.
If you did your homework on what you needed to assess and also on the vulnerability assessment tool you chose, then you should fully trust the results of your cyber vulnerability assessment and act on them.
Don’t wait.
Don’t second guess.
The assessment will produce recommendations for remediation that you should act on right now.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=602ae81b4f&e=20056c7556
Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
A recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing chief information security officers (CISOs) to keep their organizations secure and how they are combating information and vendor solution overload.
“Due to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,” Scott writes.
In a recent report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.
While the report offers a cross-industry perspective of the CISO role and the challenge of vendor solution overload, the report author does spend moments focusing on healthcare organizations, specifically in a section detailing how CISOs can assess the return on investment of cybersecurity solutions.
The report provides an interesting perspective about the need for CISOs to ignore the hype surrounding “silver bullet” solutions in order to find the most effective cybersecurity solutions and strategies for their particular organizations, but at the same time, the report author also highlights the part that the vendor community plays in this problem.
“In many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget.
They are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization,” he writes.
And, he asserts that modern CISOs tend to function more as Chief Information Risk Officers, managing the risk to data and technology.
According to the ICIT report, there is rapid burnout among CISOs, as the average turnover rate is 17 months.
“Vendor attempts to offer silver bullet solutions undermine the community at large and poison the vendor-customer relationship.
The culture promoting these inadequate solutions distracts CISOs, technical personnel and solution developers from the risks and threats in the threat landscape and it distracts them from designing the right solutions to address the market needs.”
In the report, the author offers strategic recommendations for calculating a cybersecurity solution’s ROI and uses a healthcare organization as an example.
The ROI of security solutions can be equated to the fiscal component of the impact that the organization would assume if an adversary exploited the vulnerability that the solution addresses, the author writes.
The report concludes with statistics sourced from the Economist Intelligence Unit that indicate proactive CISO-led strategies can cut the success rate of cyber-breaches by more than 50 percent, hacking successes by 60 percent and ransomware infections by 47 percent.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=55c4946589&e=20056c7556
Will Faster Payments Mean Faster Fraud?
Crowe contends that to ensure global payments interoperability, faster payments are a necessity.
The U.S. will soon be at a competitive disadvantage if it does not enable faster payments, she argues.
Parry says the most fundamental risk to payments is poor identity management.
And it’s a legitimate concern.
After all, poor identity management apparently enabled hackers to steal $81 million from the central bank of Bangladesh in February, as part of a fraudulent transaction that was approved by the Federal Reserve Bank of New York.
And in a real-time or near-real-time environment, once the money is gone, it’s gone.
Unlike in the United Kingdom, Australia and other economically advanced parts of the world, faster payments are not the norm in the U.S.
Crowe declined to touch the interchange issue. “Cost is not the No. 1 worry for the Fed when it comes to faster payments,” she noted during the summit.
The top concern, she says, is “a faster process that is still secure for business.”
The Secure Payments Task Force’s goals differ from the goals of the Faster Payments Task Force.
And the Secure Payments Task Force has identified four areas that must be addressed to ensure the ongoing security of the payments system in the U.S. going forward.
Faster payments will be part of that, but not all.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=543bd979d5&e=20056c7556
Accenture : Data theft, malware infection big threat to digital businesses
The new report from Accenture and HfS Research says that 69 percent of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months, with media and technology organizations reporting the highest rate (77 percent).
This insider risk will continue to be an issue, with security professionals’ concerns over insider theft of corporate information alone rising by nearly two-thirds over the coming 12 to 18 months.
The survey, “The State of Cyber security and Digital Trust 2016”, was conducted by HfS Research on behalf of Accenture.
More than 200 C-level security executives and other IT professionals were polled across a range of geographies and vertical industry sectors.
The survey examined the current and future state of cyber security within the enterprise and the recommended steps to enable digital trust throughout the extended ecosystem.
The findings indicate that there are significant gaps between talent supply and demand, a disconnect between security teams and management expectations, and considerable disparity between budget needs and actual budget realities.
Despite having advanced technology solutions, nearly half of all respondents (48 percent) indicate they are either strongly or critically concerned about insider data theft and malware infections (42 percent) in the next 12 to 18 months.
When asked about current funding and staffing levels some42 pe