Lack of security intelligence is leading to cyber-attack security false alarms and vulnerable, exposed organizations
Dubai, UAE - More than two thirds (68 percent) of organizations lack the internal capabilities to protect against today's sophisticated cyber-attacks according to research by Symantec and Deloitte. With seven in ten IT decision makers lacking complete confidence in their company's cyber security policies, organizations in the Middle East are underestimating the risk of cyber threats.
Over half (56 percent) of IT decision makers do not believe their business has suffered a cyber-attack despite Symantec's 2014 Internet Security Threat Report suggesting otherwise. Furthermore, 62 percent of the survey respondents in the Middle East fail to treat corporate IP, customer, employee and financial information as completely confidential.
Simple procedures, such as installing security software are not considered a necessity by 41 percent of organizations, and only a quarter of organisations see regular training of employees as a necessity. This could leave businesses wide open to the consequences associated with an attack, including loss of revenue, intellectual property, and damage to its external reputation. With over a sixth (16 percent) of survey respondents having suffered cyber-attack false alarms, and with implications including a loss of connection to IT systems (87 percent), and a loss of data (77 percent), it is clear this has an impact on businesses. The survey results showed that 71 percent of these organization noticed a drop in production levels and 74 percent saw a drop in revenue until the system was turned back on.
"Symantec's Global Intelligence Network has identified a 91 percent increase in targeted attacks and a 62 percent increase in data breaches in 2013 over the previous year[1]. Cyber criminals have stepped up their game in the past year, and businesses have not kept pace. This latest survey demonstrates there is still a huge gap in security intelligence and understanding by IT managers on how to combat malware and cyber-attacks. Senior management needs to be more engaged and develop a strategic security approach to prevent the organization from being exposed with a potential for significant loss," said Bulent Teksoz, Technical Alliance Manager, Symantec.
In the Middle East, IT decision makers stated almost a third (30 percent) of employees in their company know how important information protection is. Despite this, 45 percent of IT decision makers in the Middle East rely on external influences, such as legislative changes, to drive information security policy decisions. This reactive approach could create a 'tick box' attitude to cyber threats, leaving the organization more vulnerable to attack if policies are not carefully coordinated and regularly updated across each business unit within the organization.
With cyber-attacks on the rise, nearly two thirds (63 percent) of IT Managers stated that third party cyber solutions are cost effective and can address the lack of knowledge and expertise with the most up-to-date technologies.
"The traditional discipline of security, isolated from a more comprehensive risk-based approach, is not enough to protect you. Through the lens of what's most important to your organization, you must invest in cost-justified security controls to protect your most important assets, but you must focus equal -- in some cases greater -- effort on gaining more insight into threats, and responding more effectively to reduce their impact" said Fadi Mutlak, partner and cyber-security leader at Deloitte Middle East.
Best Practices:
Know your data: Protection must focus on the information - not the device or data center. Understand where your sensitive data resides and where it is flowing to quantify risk and help identify the best policies and procedures to protect it.
Educate employees: Instil a culture of information protection, by providing guidance on company policies and procedures for protecting sensitive data on personal and corporate devices, and the associated risks to the business.
Implement a strong security posture: Strengthen your security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies.
Engage third parties: Experts, partners or consultants are able to supplement security intelligence and knowledge and bring business relevance to the technical insight.
About Symantec
Symantec protects the world's information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment - from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customer's confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at:
About Deloitte:
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence.
Deloitte's professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from cultural diversity. They enjoy an environment of continuous learning, challenging experiences, and enriching career opportunities. Deloitte's professionals are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities.
About Deloitte & Touche (M.E.):
Deloitte & Touche (M.E.) is a member firm of Deloitte Touche Tohmatsu Limited (DTTL) and is the first Arab professional services firm established in the Middle East region with uninterrupted presence since 1926.
Deloitte is among the region's leading professional services firms, providing audit, tax, consulting, and financial advisory services through 26 offices in 15 countries with around 3,000 partners, directors and staff. It is a Tier 1 Tax advisor in the GCC region since 2010 (according to the International Tax Review World Tax Rankings). It has received numerous awards in the last few years which include Best Employer in the Middle East, best consulting firm, and the Middle East Training & Development Excellence Award by the Institute of Chartered Accountants in England and Wales (ICAEW).
Earlier this year, Symantec announced an alliance with Deloitte to deliver an innovative cyber threat vulnerability management service to organizations who lack the intelligence and expertise needed to protect themselves. The integrated offering pairs Symantec's cyber intelligence and information protection technologies with Deloitte's consulting services. This enables businesses to outsource their cyber security to experts in the field for both technology and consulting services. The offering allows organizations to correlate and translate technical data into actionable, business insight.
If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at www.symantec.com/news.
Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
FORWARD-LOOKING STATEMENTS: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
*This research was commissioned by Symantec and Deloitte, and conducted by independent research firm Edelman Berland in October-November 2014. It used an online questionnaire with 200 Middle East (Saudi Arabia and UAE) IT Decision Makers (IT directors or managers) in companies with over 50 employees.
© Press Release 2015