The Institute of Directors and Barclays have released a report today about how more than a third of businesses lack a formal strategy on cyber-attacks. In the survey of 845 members of the Institute of Directors, conducted in December 2016, 95 per cent of respondents said they considered cyber security to be quite or very important to their business, although 40 per cent of businesses said they would not know who to report incidents of cyber crime to. IT security experts from Cylance and Synopsys commented below.
Dr Anton Grashion, Managing Director-Security Practice at Cylance:
“This new report from Barclays and the Institute of Directors clearly shows that there is a striking divide between executives’ awareness that information security is a critical concern and their businesses’ actual state of defence readiness. The ability to prevent malicious software from executing on every network endpoint is absolutely critical, yet it’s telling that 39 percent worry about the security of their mobile laptops. There is great reason to worry when the vast majority of businesses are reliant on twenty-year-old antivirus technologies as their executives tote their organisations’ intellectual property – the crown jewels, as it were – around on their travels. It’s high time for even smaller corporations to investigate the vastly more effective next-generation endpoint security technologies.”
Adam Brown, Manager-Security Solutions at Synopsys:
“In a recent survey at a global security conference, Synopsys found that 73% of top security professionals think it likely that their organisations will be hit with a major data breach in the next 12 months – but they won’t have enough time, money, or skilled staff to handle the crisis. Responses to cyber-attacks can be hard to address without experienced specialists on hand, so the challenge is more than just knowing who to report the incident to. Organisations need to be prepared for such breaches, furthermore they should consider the process for dealing with product releases, compliance requirements.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.