Employees emerged as one of the weakest links in the company’s defence systems
Ernst and Young’s Fraud Investigation & Dispute Services report states that a majority (about two third) of businesses were unable to detect a cyber incident in real time due to insufficient understanding of the motive behind the attack. Almost 89% stated a need to enhance cyber laws - 55% said laws need to be strengthened and 34% said they need to be more clear.
The report by EY’s Fraud Investigation & Dispute Services team comprises over 160 in-depth interviews with senior and mid management. Over 50% of the respondents employed from listed companies. Some key highlights of the report include:
No surprises but the insider threats have increased
One fifth of the respondents stated that employees are one of the weakest links in an organization’s defence mechanisms.The greatest threat for organizations is not to mitigate external threats, but manage insider threats as well. "Organizations should realize that insider threats could pose a significant risk to their proprietary information and it’s important to strike a balance in managing both internal as well as external risks to protect critical assets," stated the EY India report.
Social media – the big cybercrime vector
More than 90% of respondents identified social media as a big risk, possessing a high probability of being used to identify and target key individuals in organizations. The side effects of engaging a mobile workforce, a remarkable increase in the sharing of personal and professional information on social media channels, and gaps in protecting this information impose a significant cyber hazard. The Phishing or spoofing attacks are making employees even more vulnerable - thanks to the lack of awareness or training towards cyber security hygiene.
Cyber specialists are critical to deal with incidents
72% of the respondents believe their company’s IT security teams do not have enough specialists to deal with cybercrime incidents, directing companies to invest in quality staff who can tackle these concerns. Only 40% of the respondents believe their techniques around proactive monitoring of cybercrime are adequate.
Increased investments required in investigation capabilities
Less than half of the respondents surveyed are planning to increase cybersecurity spends, indicating that incident response is still not on the priority list. Organizations need to understand that the quantum of losses suffered because of a cyber breach will continue to escalate in the future, and there is a heightened need to make investments in building robust cyber diagnostic programs, provide remediation approach, cyber threat intelligence and incident response.