The growing onslaught of cyber security attacks reflect a rapidly evolving criminality whose impact is near-unanimously expected to continue growing as mobile compromises, financial fraud and organised groups of fraudsters outweigh other risks such as those posed by supply-chain partners, a recent survey of IT decision makers has found.
Conducted by Ipsos MORI on behalf of BAE Systems Applied Intelligence, 84 per cent of the respondents to the the Rise of Digital Criminality report – who hailed from the UK, US, Australia and Canada – said that the number of cyber attacks was likely to increase, even as 30 per cent said they did not have crisis response plans in case their organisation was hit by a cyber attack.
Australian companies were less concerned about the number of attacks increasing significantly – only 37 per cent agreed, compared with 50 per cent in the UK, 38 per cent in the US and 30 per cent in Canada – but were the "least confident" in terms of their ability to prevent targeted attacks and their organisations' understanding of the risks from new threat vectors, the report found.
"This is mirrored by a lesser awareness of protective initiatives than in other regions," its authors advised. "Over 50 per cent of respondents were unaware of these initiatives before our research."
In Australia and elsewhere, better intelligence about upcoming attacks was only seen as being marginally effective, with just 47 per cent of respondents confident that better threat intelligence would help their boards take action against cyber risks.
"Cyber fraud on an industrialised scale will be one of the top priorities for many organisations going forward," the report warns. "Changing business practices and an increasing reliance on inter-connected critical systems and infrastructure are all increasing our vulnerability to attack."
Although many security experts have warned about the potential for insecure business partners to compromise the integrity of increasingly-connected supply chains, the Ipsos MORI research found that 61 per cent of respondents still do not consider supply chain partners to represent "a major cyber security threat" to their businesses.
The survey found distinctive differences between industry sectors, with banking and insurance companies generally confident that "effective action" has been taken to mitigate cyber security risks. Energy organisations were more worried about targeted infrastructure attacks, while telecoms companies were generally less confident about how well protected they are.
This article is brought to you by Enex TestLab, content directors for CSO Australia.