We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
Bit9 + Carbon Black, which specialises in endpoint threat prevention, detection and response,has been working with researchers, Vanson Bourne, to conduct a cyber-security study which shows some continued weakness in the security regimes of some services, and an on-going state of fear and doubt about IT security generally.
The two key findings in the survey are that 64 percent of UK IT decision-makers said they expect their organisation to be the target of a cyber-attack within the next 12 months. Meanwhile, only 12 percent of IT organisations in the UK are completely confident that their endpoints are compliant with PCI DSS V.3.0.
The fear of cyber-attack is still high, and perhaps with some justification. They survey also showed that 32 percent of those surveyed confirm their business was hit by a cyber-attack during the past year, a figure that was compounded by the fact that many respondents admitted they were uncertain about their ability to detect a cyber-attack. Almost half of those surveyed said they did not even know if they had been compromised.
Highlighting the problem of blind spots on enterprise endpoints, 61 percent rated their ability to detect suspicious behaviour in advance of an attack as no better than average.
In organisations that use point-of-sale (POS) systems to process credit card payments, 70 percent admitted they had no way of knowing if their systems had been targeted. And only 20 percent were able to say with confidence that their POS systems had not been targeted by cyber-attack.
Among POS users, just over half were confident or very confident that their current security solution would be able to stop advanced threats or targeted attacks against their systems.
“Visibility is critical for effective security, yet these results show that far too many organisations don’t know what’s happening on their endpoints”, said Ben Johnson, chief evangelist for Bit9 + Carbon Black. “You can’t stop advanced threats and targeted attacks if you can’t see what’s happening. Prevention, detection and response are built on the ability to see all activity on every endpoint and server”.
The PSS compliance figure does indicate that may users have poor cyber-security safeguards for those systems that process credit card payments and handle customers’ personally identifiable information (PII).
While 94 percent of respondents said they have heard of PCI compliance, and 66 percent acknowledged that PCI applies to their organisations, only 21percent admitted they feel up-to-speed regarding PCI compliance requirements.
Almost half (46 percent) of respondents working in organisations with POS systems indicated that they cannot adequately monitor and control access to critical data on their endpoints (i.e., credit card data and personally identifiable information)—suggesting that endpoint systems and payment card data are largely unprotected and vulnerable to being breached.
Additionally, only one-fifth of those with POS systems could definitely say that their systems have not been targeted by cyber attacks, and almost half admitted that they have no way of being certain. Only 52 percent of POS users surveyed are confident, or very confident, that their current security system is able to stop advanced threats or targeted attacks against their POS systems.
“These results highlight a major lack of confidence and knowledge around PCI 3.0 with an urgent need for organisations to improve protection of endpoint systems and the credit card data they house, against cyber threats”, commented Christopher Strand, senior director, compliance for Bit9 + Carbon Black.
The survey, conducted by Vanson Bourne, covered 250 UK IT decision makers, working in organisations of at least 250 employees, across a spread of industries.
It also showed that only 10 percent of the IT budget is being spent on meeting new PCI 3.0 requirements (in organisations where PCI is relevant) only 12 percent of those in organisations where PCI compliance is relevant were completely confident that their organisation's retail endpoints are PCI compliant and endpoint vulnerability continues to be the biggest concern for38 percent of decision makers.
One starling fact to emerge is that, despite all the press coverage and hoopla, some 74 percent of respondents were still relying on systems running Windows XP. What is more, only 29 percent of these were expecting to deploy a new operating system in the near term, despite the fact that XP has well passed its end of life.
This then compares rather starkly with the survey result that 41 percent of respondents also see end-user machines such as laptops and desktops as being most vulnerable to cyber attack.
Looking at the source of possible cyber-attacks, 61percent saw disgruntled employees as being one of the top three most likely attackers—exceeded only by Anonymous or other hacktivists, at 86 percent and cyber criminals at 77 percent.
Responding to the findings, Strand added: “In an industry fraught with identity theft and cyber crime, it's essential that companies protect their customers’ credit card data and personal information. This can only be achieved by putting in place a positive security model that will monitor and control all servers, endpoints and critical data. Whilst the PCI regulations may seem intimidating, the results of a breach far outweigh the effort involved in ensuring your organisation is compliant.”
