Cybercrime may be underreported, new study shows
Cybercrime may be drastically underreported, according to cybersecurity professionals in the ISACA’s new study.
The study, which surveyed over 1500 cybersecurity professionals worldwide, found that 75% of respondents believe most enterprises intentionally underreport cybercrime.
Alarmingly, 50% of all respondents believe this is true, even of companies that are legally required to report such incidents.
The finding casts doubt on the study’s assertion that attack frequency may be stabilising — where 46% of respondents reported increased attacks in 2018, compared to 50% in 2017 and 7% reported a decrease, compared to 6% the previous year.
Additionally, 79% of professionals still think it’s likely they’ll experience an attack in 2019.
Despite these expectations of a potential attack, which is most likely to occur through phishing, malware or social engineering, only 34% of cybersecurity leaders have high levels of confidence in their team’s ability to detect and respond to cyber threats.
HCL’s Fellow and Chief Architect, Cybersecurity and GRC, Renju Varghese, believes this is due to cybersecurity’s siloed and static approach.
“Many teams are missing significant attacks because they don’t have the size or expertise to keep up with attackers. Moreover, their existing security tools and processes are segregated and seldom work in tandem,” he said.
ISACA’s Director of Cybersecurity Practices, Frank Downs, said that implementing a cyber reporting structure and analysing prevalent attack methods and team readiness through continuing professional education could combat this.
Additionally, Downs believes that governance could also play a big role in teams’ confidence levels in cybersecurity — with the report showing that teams reporting to CISOs had higher levels of confidence than those reporting to CIOs.
BlueVoyant launches security ops platform
BlueVoyant's Cyber Defence Platform leverages AI to enable security operations that span an...
CrowdStrike launches next-gen MDR solution
The Crowdstrike Falcon Next-Gen MDR solution expands MDR operations beyond native endpoint,...
Cysurance to offer cyber insurance to Sophos customers
Australian Sophos customers will be able to take advantage of discounted cyber insurance provided...