While casting blame for your local team’s loss on Sunday may make for great sports talk, asserting blame for your company’s data breach is an uncomfortable exercise of self-effacement. It is a matter that many company leaders are struggling with. According to a recent survey conducted by the Ponemon Institute, 67% of CISOs expect a data breach or cyberattack in 2018.
The current approach to cybersecurity within the financial services industry is flawed. With regulations such as the new General Data Protection Regulation (GDPR) and New York State’s DFS Cybersecurity Regulation being enforced, putting ever greater pressure on data protection, combined with the fact that the financial services industry is one of the most targeted, regulatory and consumer eyes alike are firmly on financial institutions to improve their cybersecurity processes and models.
The worldwide cybersecurity skills gap continues to present a significant challenge, with 59 percent of information security professionals reporting unfilled cyber/information security positions within their organization, according to ISACA’s cybersecurity workforce research.
A new research study, Cybersecurity: Perceptions & Practices, found that less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour.
More than 80 percent of organizations that have been impacted by a data breach have introduced a new security framework and 79 percent have reduced employee access to customer data, according to new benchmark data.
Version 1.0 of the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF) celebrated its fourth birthday in February. The CSF is a “risk-based approach to managing cybersecurity risk... designed to complement existing business and cybersecurity operations.” I recently spoke with Matthew Barrett, NIST program manager for the CSF, and he provided me with a great deal of insight into using the framework.
This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight artificial intelligence, ransomware attacks, vaping and cybersecurity regulations.