Four out of five businesses do not have the infrastructure or expertise to spot and defend their organizations against incoming cyber attacks, according to the Ponemon Institute report ‘Security Beyond the Traditional Perimeter’.
The research reveals that 61% of respondents either have no external threat intelligence gathering policy in place or have only an ad hoc policy.
18% stated they have a formal threat intelligence gathering process in place, but this is not necessarily applied to the whole organization. Only 17% have a formal process in place that is consistently applied across the business.
Poor awareness of risks
The main barrier to effective monitoring of Internet and social media threats was ‘poor awareness of the risks’, according to 50% of respondents, while 45% cited a ‘lack of knowledgeable staff’ and 43% a ‘lack of technologies and tools’.
Almost 600 respondents at 500 different companies in the US were surveyed for the research.
The report reveals that “the 505 enterprises and financial institutions surveyed experienced an average of more than one cyber attack each month and spent an average of almost $3.5 million annually to deal with attacks.”
To achieve a robust cyber security posture and offer adequate protection from cyber threats, today’s organizations cannot rely on expensive software alone.
The international standard ISO 27001 takes a holistic approach to information security and identifies the three fundamental domains of effective cyber security as people, processes, and technology. It sets out the requirements of an ISMS (information security management system) that can be independently audited and certified by an accredited certification body.
Free download: the ten critical ingredients to reduce your cyber risks
To find out how ISO 27001 can assist your organization in reducing its cyber risks, download our free green paper on Reducing Cyber Risks with ISO 27001.