With phishing and social engineering among the causes of cyber disruptions, there is a need for a stronger cyber resilience culture across organizations, and a focus on the human aspects of the threat. This is one of the findings of the Cyber Resilience Report, published by the Business Continuity Institute (BCI) with Sungard Availability Services (Sungard AS), a provider of managed IT, cloud and recovery services.
With the WannaCry ransomware attack on the NHS and other places still fresh, it is clear that the cyber threat is very real, with this one attack affecting almost a quarter of a million computers across 150 countries, the BCI points out. The UK-based Institute says that business continuity plays a key role in responding to an incident, and in ensuring that the organization is able to manage through any disruption and so prevent it from becoming a crisis.
The report found that nearly two-thirds of respondents (64pc) to the global survey had experienced at least one cyber disruption during the previous 12 months, while almost 1 in 6 (15pc) had experienced at least 10. Of those who had experienced a cyber disruption, over half (57pc) revealed that phishing or social engineering had been one of the causes, demonstrating the need for users to be better educated about the threat and the role they can play in helping to prevent an incident occurring. The study also found:
– A third of respondents (33pc) suffered disruptions totalling more than €50,000, while more than 1 in 10 (13pc) experienced losses in excess of €250,000.
– One in six respondents (16pc) reported a single incident resulting in losses of more than €50,000.
– One in five respondents working for an SME (18pc) reported cumulative losses of more than €50,000. These are significant losses considering 40pc of SMEs involved in this study reported an annual turnover of less than €1 million.
– Phishing and social engineering are the top cause of cyber disruption, with over half of those who experienced a disruption (57pc) citing this as a cause.
– 87pc of respondents reported having business continuity arrangements in place to respond to cyber incidents, indicating that it is now widely accepted as playing a key role in helping to build cyber resilience.
– 67pc of respondents stated that their organization takes over one hour to respond to a cyber incident, while 16pc stated that it can take over four hours.
The number of respondents reporting top management commitment to implementing the right solutions to the cyber threat increased to 60pc. According to the report authors, this is likely due to a number of factors such as the media coverage of cyber security incidents and the impending European Union General Data Protection Regulation (GDPR), which is due to come into force in less than a year and will have an impact on any organisation that holds data on EU citizens (and it will come in, in the UK, despite the June 2016 referendum vote to leave the European Union).
David Thorp, Executive Director at the BCI, said: “Cooperation is key to building cyber and organisational resilience. Different disciplines such as business continuity, information security and risk management need to come together, share intelligence and start speaking the same language if they want to build a safer future for their organizations and communities.”
And Keith Tilley, EVP and Vice Chair at Sungard Availability Services, said: “Brexit and the pending EU General Data Protection Regulation (GDPR) have thrown up even more questions about data laws and compliance, so data sovereignty is a focus. Companies need to demonstrate a holistic understanding of where their data is hosted, where it’s backed up, moved and recovered, as well as who can see it along the way. The fact that data laws are constantly subject to change, with region and country specific regulation, means a headache for large organizations. Establishing how to meet these regulations, as well as global needs will be vital, as will the ability to handle data access, residency, integrity and security.”
In an interview in the July 2017 print issue of Professional Security magazine, David Thorp calls for a ‘resilience alliance’ between trade and industry bodies in the business continuity and related sectors, around the common question of resilience.
For a free copy of the report, visit http://www.thebci.org/index.php/bci-cyber-resilience-report-2017.