Oct 10, 2014
An increasing number of companies are reporting information security incidents across the globe, yet businesses are spending less money on protection.
This is according to new statistics by PricewaterhouseCoopers (PwC), which revealed a 48 per cent rise in attacks this year, with the equivalent of 117,339 issues occurring a day.
The organization's 2015 Global State of Information Security Survey, published on Monday (September 30), found detected incidents have increased by 66 per cent on average over the last five years.
Worryingly, despite this rise, global information security budgets have remained stagnant over the same period.
Companies have spent 4 per cent or less of their IT expenditure on security since 2009. This year, security budgets decreased 4 per cent when compared with 2013.
On the other hand, the costs of cybersecurity failings are increasing, with enterprises reporting average financial losses of US$2.7 million a year. This is a 34 per cent rise on last year's data.
Furthermore, the number of significant economic hits - where the company lost revenues of $20 million or more - was nearly twice as high.
Oracle users were recently reminded of the dangers of malicious online activity after it was revealed a number of the company's database products had vulnerabilities.
The most serious flaw potentially enabled a cybercriminal to breach databases remotely over a network without requiring usernames or passwords. Oracle released a patch in June that fixed the bug and over 100 other known security issues.
However, the news reinforces the importance of having adequate data security and Oracle disaster recovery measures. These are essential support systems for occasions when primary databases are at risk of downtime due to an attack or other issue.
"Strategic security spending demands that businesses identify and invest in cybersecurity practices that are most relevant to today's advanced attacks," stated Mark Lobel, PwC advisory principal for information security.
"It's critical to fund processes that fully integrate predictive, preventive, detective and incident-response capabilities to minimize the impact of these incidents."
Threats affecting every business
The PwC report said organizations of all sizes and industries are at risk of cybersecurity incidents, although smaller companies could be targeted more often in the future.
While large businesses detect a higher number of breaches, they also have more sophisticated security solutions. This means cybercriminals may begin to see middle-tier enterprises as more accessible.
"Unfortunately, these organizations may not yet have security practices in place to match the efficiency of large companies," said Bob Bragdon, publisher of CSO magazine, which released the incident report alongside PwC.
Typically, employees are the biggest problem, although the survey showed this was often unintentional. Personnel sometimes fall for online scams or lose mobile devices.
Staff were to blame 10 per cent of the time, while contractors, service providers and consultants still working for the company were responsible for 15 per cent of incidents.
"Many organizations often handle the consequences of insider cybercrime internally instead of involving law enforcement or legal charges. In doing so, they may leave other organizations vulnerable if they hire these employees in the future," Bragdon explained.
According to PwC, it is impossible to completely eradicate information security threats, but businesses must focus on having rapid detection and response functions. Executives were also urged to implement comprehensive policies that outline how the organization interacts with third parties.
David Burg, PwC's global and US advisory cybersecurity leader, said remaining vigilant is the key to success, particularly in today's rapidly changing corporate environment.
"Investing in robust internal security awareness policies and processes will be critical to the ongoing success of any organization," he added.