{"id":2631,"date":"2019-06-05T23:15:21","date_gmt":"2019-06-05T23:15:21","guid":{"rendered":"http:\/\/www.blackopspartners.com\/?p=2631"},"modified":"2019-06-05T23:15:21","modified_gmt":"2019-06-05T23:15:21","slug":"cyber-crime-widely-under-reported-isaca-study-shows","status":"publish","type":"post","link":"https:\/\/blackopspartners.com\/cyber-crime-widely-under-reported-isaca-study-shows\/","title":{"rendered":"Cyber crime widely under-reported, Isaca study shows"},"content":{"rendered":"\n<p><strong>Cyber crime, which is the top cyber threat to business, remains widely under-reported, and only a third of organisations are confident in their ability to detect and respond to threats, a study reveals<\/strong><\/p>\n\n\n\n<p>Cyber attack vectors remain largely the same year over year, attack volume will increase and cyber crime may be vastly underreported, according to the 2019&nbsp;<em><a href=\"https:\/\/cybersecurity.isaca.org\/state-of-cybersecurity\" rel=\"nofollow noopener\" target=\"_blank\">State of cybersecurity<\/a>&nbsp;study<\/em>&nbsp;from global IT and cyber security association Isaca.<\/p>\n\n\n\n<p>\u201cUnder-reporting cyber crime \u2013 even when disclosure is legally mandated \u2013 appears to be the norm, which is a significant concern,\u201d said&nbsp;<a href=\"https:\/\/www.techtarget.com\/contributor\/Gregory-Touhill\" rel=\"nofollow noopener\" target=\"_blank\">Greg Touhill<\/a>, Isaca board director, president of Cyxtera Federal and the first US Federal CISO.<\/p>\n\n\n\n<p>\u201cHalf of all survey respondents believe most enterprises under-report cyber crime, even when it is required to do so.\u201d<\/p>\n\n\n\n<p>The survey of more than 1,500 cyber security professionals around the world, sponsored by HCL, also reveals that only a third of cyber security leaders have high levels of confidence in their cyber security team\u2019s ability to detect and respond to cyber threats.<\/p>\n\n\n\n<p>The highest levels of confidence are correlated with teams that report directly into the CISO, and the lowest levels are correlated with teams reporting into the CIO. According to the study, 43% of respondents say their teams report to a CISO, while 27% report to a CIO.<\/p>\n\n\n\n<p>\u201cWhat we can conclude from this year\u2019s study is that governance dictates confidence level in cyber security,\u201d said Frank Downs, director of Isaca\u2019s cyber security practices. \u201cWhen the cyber security team reports directly to a designated and experienced cyber security executive, team leaders have significantly more confidence in their teams\u2019 capability to detect attacks and respond effectively.\u201d<\/p>\n\n\n\n<p>The survey indicates that enterprises often experience confusion when structuring cyber security with information technology. The survey report points out that a CIO\u2019s main goal is managing and implementing information technology, which is substantially different to securing and protecting it.<\/p>\n\n\n\n<p>Where security reports to a CIO, the survey report said cyber security can become a secondary consideration, leading to a team\u2019s lack of confidence in being cyber read. A higher percentage of respondents are confident in cyber security reporting to the CEO than to the CIO, the survey shows.<\/p>\n\n\n\n<p>Part 1 of the Isaca report, released in March, highlighted workforce trends and challenges, while Part 2, released at&nbsp;<a href=\"https:\/\/www.infosecurityeurope.com\/en\/about\/\" rel=\"nofollow noopener\" target=\"_blank\">Infosecurity Europe 2019<\/a>&nbsp;in London, covers attack trends.<\/p>\n\n\n\n<p>The second part of the report shows that the top three threat actors remain cyber criminals, hackers and non-malicious insiders.<\/p>\n\n\n\n<p><a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/phishing\" rel=\"nofollow noopener\" target=\"_blank\">Phishing<\/a>, malware and&nbsp;<a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/social-engineering\" rel=\"nofollow noopener\" target=\"_blank\">social engineering<\/a>&nbsp;top the list of prevalent attack types for the third year in a row.&nbsp;<a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/ransomware\" rel=\"nofollow noopener\" target=\"_blank\">Ransomware<\/a>, however, is significantly down from 2018, with 37% of organisations reporting that they experienced ransomware in last year\u2019s study, compared with 20% this year.<\/p>\n\n\n\n<p>Just under half of organisations report an increase in cyber security attacks on their organisation this year, and 79% say it is likely they will experience a cyber attack next year.<\/p>\n\n\n\n<p>\u201cThe cyber landscape is complex. Cyber security, though in focus today, suffers from a siloed and static approach,\u201d said Renju Varghese, fellow &amp; chief architect, cyber security &amp;&nbsp;<a href=\"https:\/\/searchfinancialsecurity.techtarget.com\/definition\/Governance-Risk-and-Compliance\" rel=\"nofollow noopener\" target=\"_blank\">GRC<\/a>, at&nbsp;<a href=\"https:\/\/www.hcltech.com\/\" rel=\"nofollow noopener\" target=\"_blank\">HCL Technologies<\/a>.<\/p>\n\n\n\n<p>\u201cMany teams are missing the attacks that significantly impact organisations because they don\u2019t have the size or expertise to keep up with the attackers and are overwhelmed. Moreover, their existing security tools and processes are segregated and seldom work in tandem, leaving the teams staring at multiple consoles and drowning in alerts and incidents.\u201d<\/p>\n\n\n\n<p>However, according to Isaca\u2019s Frank Downs, organisations can better prepare for the threats posed by cyber criminals by carefully analysing the variables that contribute to incident susceptibility and team inefficiency.<\/p>\n\n\n\n<p>\u201cSpecifically, analysing key organisational attributes identified in the&nbsp;<em>State of cybersecurity<\/em>, such as cyber reporting structure, prevalent attack methods and team readiness through a culture of continuing professional education, organisations can increase their resilience to potential incidents,\u201d he said.<\/p>\n\n\n\n<p><em>Read more at <\/em><a rel=\"noreferrer noopener nofollow\" aria-label=\"Computer Weekly (opens in a new tab)\" href=\"https:\/\/www.computerweekly.com\/news\/252464401\/Cyber-crime-widely-under-reported-Isaca-study-shows\" target=\"_blank\"><em>Computer Weekly<\/em><\/a><em>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber crime, which is the top cyber threat to business, remains widely under-reported, and only a third of organisations are confident in their ability to detect and respond to threats, a study reveals Cyber attack vectors remain largely the same year over year, attack volume will increase and cyber crime may be vastly underreported, according [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[10],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/2631"}],"collection":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/comments?post=2631"}],"version-history":[{"count":0,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/posts\/2631\/revisions"}],"wp:attachment":[{"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/media?parent=2631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/categories?post=2631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blackopspartners.com\/wp-json\/wp\/v2\/tags?post=2631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}