Cyber resilience lost in a convergent world


In today’s online world, every organization is digital by default, operating with working cultures, technologies and processes of the internet era. Moreover, in the connected and convergent world delivered by the Internet of Things (IoT), the digital landscape is vast, with every asset owned or used by the organization representing another node in the network.

It has never been more difficult for organizations to map the digital environment in which they operate.

Cyber attackers roam freely in this environment. They may be either indiscriminate or highly targeted, attacking large and small organizations in both the public and private sectors. They are well camouflaged: exposing the attackers requires cybersecurity defenses that identify the threat, even when it adopts the colors of its immediate environment.

Against this backdrop, organizations must consider their resilience in the context of different categories of threat:

  • Common attacks: These are attacks which can be carried out by unsophisticated attackers, exploiting known vulnerabilities using freely available hacking tools, with little expertise required to be successful.
  • Advanced attacks: Advanced attacks are typically carried out by sophisticated attackers, exploiting complex and sometimes unknown (“zero-day”) vulnerabilities using sophisticated tools and methodologies.
  • Emerging attacks: These attacks focus on new attack vectors and vulnerabilities enabled by emerging technologies, typically carried out by more sophisticated attackers performing their own research to identify and exploit vulnerabilities.

The responses of our annual Global Information Security Survey 2017-18 suggest that while organizations continue to prioritize cybersecurity — and are making good progress in identifying and resolving vulnerabilities — they are more worried than ever about the breadth and complexity of the threat landscape.

In an earlier survey, we identified the ways organizations could get ahead of cybercrime by following a three-stage journey: Activate, Adapt, and Anticipate. This concept still applies, but our survey findings of the last few years show that there is still progress to be made in all three stages. However, in the face of today’s threats, many of the actions we identified as more advanced have now become foundational.

For organizations to recognize the scale of the current challenge and understand what they need to do, they need to think about each of the following four areas.

  • Today's attacks on the digital world
  • How attacks unfold
  • Why are you still so vulnerable?
  • The shift to Active Defense