Monday, October 19, 2015

Annual Cybersecurity Survey by PwC – Turnaround and Transformation

PwC’s annual cybersecurity survey – turnaround and transformation  
Attended the presentation by PwC which revealed a number of themes including: continuous investment/spend on cybersecurity and collaboration with others and big data (analytics) is a big factor in a cybersecurity program

Key findings by PwC’s survey:
  • 91% follow a risk-based cybersecurity framework
  • 69% use cloud-based cybersecurity services
  • 59% leverage Big Data to improve cybersecurity
  • 65% collaborate with others to improve cybersecurity
  • 54% have a CISO in charge of the information security program
Additional result / themes for all industry – further data analysis is available via their GSISS site
  • 31% experienced 50+ incidents while 7% don’t know
  • 20% will have an InfoSec budget of 1M-4.9M with next highest at 15% budgeted for 10M
  • Security safeguards will be implemented via (in order of majority): overall strategy, CISO in charge, awareness program, third-party, threat assessment and activity monitoring/analysis
  • The role of CISO/CSO or security exec will primarily focused on: approach as enterprise risk-mgmt issue, communication directly with CEO, etc., understanding business/competitive issues and environments
  • Cloud-based security adoption for security include (primarily) advance authentication and real-time monitoring/analysis

Finally, the financial sector analysis (other sectors forthcoming) revealed major challenges to be third-party, rapid evolution of technology, cross-board data exchange, mobile technology on the rise, and increased threats from outside the country.

5 comments:


  1. § 9 des IT-Sicherheitsgesetzes schreibt vor, dass Unternehmen bei der Risikobewertung in Bezug auf Cyberangriffe die ISO 31000 Norm berücksichtigen müssen. Diese Norm bietet einen systematischen Rahmen zur Identifikation, Analyse und Steuerung von Risiken. In der Praxis bedeutet das, dass Betriebe konkrete Bedrohungen wie die CVE-2023-23397 Schwachstelle im Microsoft Exchange Server berücksichtigen sollten. Methoden wie Risikoanalysen mit qualitativen und quantitativen Verfahren helfen dabei, Risiken präzise zu bewerten. Bei der Behandlung von identifizierten Gefahren ist eine klare Priorisierung notwendig, etwa durch Maßnahmen wie Patching oder Netzwerksegmentierung gemäß BSI TR-02102. Für eine nachhaltige cyber security weiterbildung empfiehlt es sich, regelmäßig Schulungen anzubieten, die auf den aktuellen Standardwerken basieren; mehr dazu findet man auf csvisor.

    ReplyDelete