While organizations continue to prioritize cybersecurity, they are more worried than ever about the complexity of the threat landscape.
The Global Information Security Survey investigates the most important cybersecurity issues facing organizations today. It captures the responses of nearly 1,200 participants around the globe from over 20 industry sectors. We base our findings and conclusions on those insights and our extensive global experience of working with clients to help them improve their cybersecurity programs.
Cyber resilience lost in a convergent world
In today’s online world, every organization is digital by default, operating with working cultures, technologies and processes of the internet era. Moreover, in the connected and convergent world delivered by the Internet of Things (IoT), the digital landscape is vast, with every asset owned or used by the organization representing another node in the network. It has never been more difficult for organizations to map the digital environment in which they operate.
Cyber attackers are well camouflaged: exposing the attackers requires cybersecurity defenses that identify the threat, even when it adopts the colors of its immediate environment.
Cyber attackers roam freely in this environment. They may be either indiscriminate or highly targeted, attacking large and small organizations in both the public and private sectors. They are well camouflaged: exposing the attackers requires cybersecurity defenses that identify the threat, even when it adopts the colors of its immediate environment.
Against this backdrop, organizations must consider their resilience in the context of different categories of threat:
- Common attacks: These are attacks which can be carried out by unsophisticated attackers, exploiting known vulnerabilities using freely available hacking tools, with little expertise required to be successful.
- Advanced attacks: Advanced attacks are typically carried out by sophisticated attackers, exploiting complex and sometimes unknown (“zero-day”) vulnerabilities using sophisticated tools and methodologies.
- Emerging attacks: These attacks focus on new attack vectors and vulnerabilities enabled by emerging technologies, typically carried out by more sophisticated attackers performing their own research to identify and exploit vulnerabilities.
Global Information Security Survey key findings