“Cyber security budgets on the rise, but not in line with increasing threats” warns IISP via Member Survey
The Institute of Information Security Professionals (IISP) has announced the findings from its 2016 Member Survey. With over 2,500 members working in security across a wide range of industries and roles, including a significant proportion at senior/lead/CISO level, the results of the IISP study provide an accurate snapshot of the state of the UK’s cyber security landscape from those working on the front line.
The Member Survey reveals that, for over two thirds of those questioned, information security budgets have increased, while a further 15% said that they had remained the same. These are encouraging figures, but they do have to be examined alongside increasing risk.
The Member Survey also finds that 60% of respondents feel that budgets are still not keeping pace with the rise in the level of threats. Only 7% of security professionals report that budgets are rising faster than the level of threat.
“In times of financial pressure or instability, security is often seen as a supporting function or an overhead,” explained Piers Wilson, director at IISP. “Security budgets are hard won because they’re about protection against future issues, and so they’re a pretty good indication of the state of risk awareness in the wider business community. While it’s good news that businesses are increasing their investment, it’s clear that spending on security isn’t at a level that matches the changing threat landscape.”
Staff training and development
The IISP Member Survey finds that, when it comes to recruitment, there’s still a skills shortage. The problem, though, doesn’t just lie in the number of people. Respondents point towards a shortfall in the level of skills and experience, making staff training, development and retention crucial to the future of the industry.
The question: ‘As an industry, are we getting better or worse at defending systems from attack and protecting data?’ generated encouraging responses, with only 10% thinking that protection levels are declining.
With growing recognition that, despite every control and safeguard, a determined attacker will always be able to find a hole in the armour, the IISP Member Survey looked at incident response. Again, this resulted in a fairly positive picture with an impressive 49% reporting improvement.
Overall, the results of the IISP Member Survey show that there are growing challenges from more types of attack, more sources of threats, a greater reliance on increasingly complex IT systems, a shortage of effective security staff and a regulatory environment that’s both fluid and challenging.
However, the heightened awareness of security risks and the impacts of a breach are driving an increase in investment, skills, experience, education and professionalism.
“While there’s clearly much more work to be done,” concluded Piers Wilson, “the results of the IISP Member Survey are encouraging.”
A copy of the IISP White Paper on the detailed results of the Member Survey is available at: http://IISP.informz.net/IISP/data/images/WhitePaperWebsite.pdf
Alert for businesses as cyber attacks set to double crime figures
Businesses have been alerted to protect themselves from increasingly sophisticated cyber criminals amid concerns that attacks are set to double the national crime figures.
Nick Marlow, director at Minster Micro Computers, has issued the warning, stating that businesses are under ‘extreme risk’ as criminals create ways to simultaneously hack thousands of global IT systems.
The alert comes amid concern that crime statistics for England and Wales will double when the Office for National Statistics (ONS) begins to include the category of cyber crime alongside other forms of criminality (such as burglary) when it publishes its Crime Survey on 21 July.
A field trial conducted by the ONS last summer found 2.5 million incidents of ‘computer misuse’ affecting 46 out of every 1,000 adults in England and Wales.
“Viruses and other malware are constantly evolving, but the blunt truth for any business here in the UK is that if it doesn’t have adequate protection through properly deployed anti-virus software then the organisation will be attacked,” explained Marlow in conversation with Risk UK. “Online criminals are becoming increasingly sophisticated, and this means businesses could have their systems affected even if they’re not the intended target.”
Marlow added: “There are countless examples of where businesses have unintentionally sent spam e-mails to customers and compromised their security, personal information and reputation. Even worse, there’s a growing trend of businesses having their files encrypted and held to ransom. That’s just the tip of the iceberg.”
To combat the cyber criminals, Marlow insisted companies need to be proactive and carry out a full review of their network security, identify their potential failure points and review any disaster recovery plans in place.
“All desktop computers, laptops, mobile devices and servers connected to a network have to be protected,” urged Marlow. “Statistics show that people are more likely to be attacked through their computer than in person. It’s frightening but true, and that’s why businesses and individuals must take action, protect themselves with robust and more sophisticated anti-virus software and really fight back against the cyber criminals.”