Cybersecurity Challenges

1. USB encryption

Almost half the respondents were lacking when it came to USB encryption. They failed to ensure that data from a device connecting to end points via USB was sufficiently encrypted, were it to end up in an unsecured or hostile environment.

2. Third party device connectivity

Some 35% of organizations aren’t controlling end point connectivity solutions like SD cards, Bluetooth, and Fire Wire, to limit the threats they potentially bring.

3. USB control

USB devices can be a significant vector for the distribution of cyber attacks. However, over 35% of respondents don’t control or limit any device connecting to end points via USB.

4. Data loss prevention

Some 37% of companies have no assurance against loss of information, documents, and IP.

5. Reverse engineering of malware

Only 39% of organizations are actively working on reverse engineering of malware, while 32% are still in an initial phase of developing this.

6. Emergency response team

Only 16% of assessments showed a fully capable emergency response team, while 51% of companies would be able to put together an emergency response team and are somewhat prepared to respond to a potential breach. However, 32% of organizations would fall short in responding, cleaning up, and analyzing a cyber attack.

7. Breach indicators

Reporting systems, log managers, security information, and event management (SIEM) systems automatically raise the alarm when indicators reach a point which is deemed unacceptable, reducing the potential impact to the network. Only 38% of organizations are actively monitoring their breach indicators, while 41% have only average capabilities of monitoring and interpreting these. Less than 20% are unable to clearly identify breach indicators as they occur.

8. Disk encryption

Full disk encryption protects against data theft and loss, especially in the case of a machine or device being removed from a secure environment. The responses show that less than 30% of organizations are enforcing disk encryption.

9. Application control

Less than half the respondents said their organizations are running an active application control programme, with 25% not actively controlling or limiting the applications within their network. Some 27% are enforcing some application control policies.

10. Mobile device management (MDM)

Although 26% of companies haven’t yet started to address the fact that mobile devices need to be protected to the same level as laptops or desktops, over half the organizations are actively running MDMt, while 22% have already started to enforce some MDM policies within their organizations.
These results show that an encouraging proportion of companies are actively deploying protection, but most don’t feel fully prepared and are focused on further optimization. None felt completely unprepared but all acknowledged a greater need for enhanced security.

Anurag