1 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs of its customers is a top priority. In order to keep track of these needs and keep concentrating on developing technologies and solutions for which there is real demand, Kaspersky Lab conducts regular surveys focusing on the key IT security issues and cyberthreats which worry businesses. In 2011, Kaspersky Lab, in partnership with research company B2B International, carried out its first global survey of IТ professionals from small, medium-sized and large companies around the world. The survey aimed to find out what representatives of these companies thought of corporate security solutions, to ascertain their level of knowledge about cyberthreats, what cybersecurity related problems they most often face, how they address these problems and what they expect in the future. In 2013, Kaspersky Lab and B2B International conducted the third of these surveys. The results provided below reflect the opinions of companies on key issues related to the security of the corporate IT infrastructure. They also reflect the changes that have taken place since the previous two studies. Comparing current and historical data helps to identify and analyze existing trends in this area, ultimately creating a complete and, we believe, objective picture of the threat landscape, as well as future problems and trends affecting corporate IT security.
2 The main findings According to the survey results, one of the major problems facing businesses is the creation of a clear IT infrastructure development strategy with an information security strategy at its heart. Companies are increasingly determined to secure their IT infrastructure in the light of increasing numbers of incidents and significant financial losses associated with them. The main findings of the survey are: Maintaining information security is the main issue faced by a company's IT management. In the past 12 months, 91% of the companies surveyed had at least one external IT security incident and 85% reported internal incidents. A serious incident can cost a large company an average of $649,000; for small and medium-sized companies the bill averages at about $50,000. A successful targeted attack on a large company can cost it $2.4 million in direct financial losses and additional costs. For a medium-sized or small company, a targeted attack can mean about $92,000 in damages almost twice as much as an average attack. A significant proportion of incidents resulting in the loss of valuable data were internal, caused by issues such as unclosed vulnerabilities in software used by the company, intentional or negligent actions of employees or the loss or theft of mobile devices. Personal mobile devices used for work-related purposes remain one of the main hazards for businesses: 65% of those surveyed saw a threat in the Bring Your Own Device policy. Information leaks committed using mobile devices intentionally or accidentally constitute the main internal threat that companies are concerned about for the future.
3 Countries Covered The B2B International survey is based on 2,895 interviews with IT professionals working in companies from 24 countries across the globe. All respondents had an influence on their companies' IT policies and a good knowledge of both IT security risks and the operation of non-it divisions of their companies. Most of the companies that took part in the survey can be divided into two large groups. The first comprises medium-sized businesses with 100 to 1500 workplaces equipped with workstations which have Internet access, plus a small number of small companies with 10 to 99 computerized workplaces. The second large group of respondents comprises representatives of large companies with 1500 or more computerized workplaces.
4 The IT Function Concerns As in 2012, preventing IT security incidents and protecting data were the two main priorities cited by IT professionals when discussing components of the corporate IT strategy. Over a third (34%) of respondents ranked protection from incidents as the top priority a 3% increase on the previous year. Another notable change since 2012 is an increase in concerns expressed by IT professionals about the management of their companies' IT systems and infrastructure. This issue has moved up from sixth to third position on the list of IT management priorities. The fact that it ranks next to IT security is no accident: companies are increasingly aware that unpatched, vulnerable software is systematically used on corporate computers and a large number of unaccounted-for mobile devices are used to process information that is directly related to the company's business. This can result in incidents involving important data being leaked. Overall, the need to develop a considered IT strategy which includes, among other elements, IT security measures, is one of the top five issues requiring the attention of top managers. About a third of all respondents (31%) emphasized the importance of developing an IT strategy, making this a higher priority than the need to develop a marketing strategy or a staff recruitment and development strategy.
5 Perception of daily malware discovery rates: 6% accuracy As the survey has demonstrated, the overwhelming majority of companies underestimate the scope of new cyberthreats appearing daily. According to Kaspersky Lab, about 200,000 new malware samples appear every day. Only 6% of the respondents provided estimates that were close to this figure, while about 90% gave significantly lower estimates and 4% significantly higher. Although this figure alone cannot provide an objective measure of the extent to which businesses are prepared to protect themselves from IT security incidents, accurately assessing the level of threat can seriously affect decisions made by companies in choosing the tools for securing their IT infrastructure.
6 Steps taken to minimize risk Anti-malware solutions are the most common way of securing a corporate IT infrastructure. About 71% of respondents reported that their organizations had fully deployed such systems. It is also common for companies to use tools to manage regular software updates (54%), but the proportion of such companies was 9% lower than in the previous year. Managing access rights to different parts of the IT infrastructure is another common practice, used by about 52% of the companies surveyed. About 50% of the respondents said they isolated critical parts of their IT infrastructure. The survey also demonstrated that companies were implementing additional security measures which were either used rarely or not used at all in the previous year. Such measures included: application control (45% of companies), device control (41%), antivirus solutions for mobile devices (40%) and file-and-folder encryption (40%). The number of companies which use full-disk encryption (39%) and removable media encryption (33%) has grown by 2%. At the same time, 2% fewer companies than in 2012 used solutions for centralized management of mobile devices (Mobile Device Management) according to the survey, the proportion of such companies was 24%.
7 IT security policies Developing and implementing IT security policies is another way to provide additional protection for the company. These policies existed in 86% of the companies surveyed. However, 46% reported that they had had insufficient time and resources to develop and implement these policies. In addition to the lack of time and money, companies also reported problems with enforcement and staff attitudes towards policies. Just over half of all respondents 62% said that employees of their companies took IT security policies seriously and complied with them. At the same time, about 38% of the survey participants did not agree that the staff of their companies were willing to comply with the policies in place and 41% of respondents indicated that employees did not understand why specific IT security policies had been implemented in their companies. Measures aimed at maintaining and monitoring compliance with corporate security policy most commonly include education: 60% of the respondents reported that they regularly circulated bulletins providing the latest information on threats and reminding staff of the importance of IT security policies. In addition, about 58% offered targeted training programs. Sanctions against employees who violate security policies are less widespread: their use was confirmed by 46% of respondents. Importantly, this remains unchanged even for companies that have experienced IT security related incidents. Despite the measures taken by companies to secure themselves against cyberthreats, a large percentage of respondents reported that their organizations had been attacked.
8 IT security threats experienced External threats About 91% of the organizations surveyed reported that their IT infrastructure had been the object of at least one external attack in the past 12 months. Malware, spam, phishing, network intrusion and the theft of mobile devices were the five main threats faced by companies. The proportion of respondents who reported that their companies had experienced malware attacks has grown significantly from 58% to 66%. The number of victims of spam attack grew by 6 percentage points to 61%. Phishing attacks were experienced by 36% of the companies surveyed, attacks on the network infrastructure by 24%, and mobile device theft by 21%. The proportion of companies which reported theft of mobile devices did not change YOY, remaining high. As in 2012, one company in five faced this type of threat.
9 External threats: data loss experienced One of the key parameters determining the extent of the damage caused by an attack is whether the incident led to internal data being leaked. According to the survey, an average of 35% of companies experienced data leaks as a result of external attacks. In 25% of cases this involved leaks of important data, the disclosure of which could damage the business interests of the affected companies. Malware attacks caused the greatest damage: they resulted in leaks of valuable sensitive information in 12% of cases. These were followed, with 5-6%, by phishing attacks, network intrusion/hacking and theft of mobile devices. Remarkably, according to the survey results even targeted corporate espionage which does not affect IT systems causes less damage, percentagewise (4%), than cyberthreats.
10 IT security threats experienced Internal threats Among the internal threats faced by companies in the past 12 months, vulnerabilities in the software used by the companies surveyed ranked highest. Although the proportion of such incidents has gone down significantly since 2011 from 47% to 39% it still remains high. Accidental data leaks by employees constitute the second most common internal threat. Incidents of this kind were reported by 32% of respondents. Slightly fewer companies 30% reported incidents following the loss or theft of mobile devices through the fault of employees. Leaks resulting from the misuse of mobile devices (involving mobile clients or SMS) were reported by 19% of companies. Remarkably, four out of the five most common internal security incidents reported by companies involved actions by employees using mobile devices.
11 Internal threats: data loss experienced On average, 24% of companies had leaks of business data due to internal security incidents. In 6.5% of cases, valuable data was leaked. Leaks of important business data were most often due to unclosed vulnerabilities in the software used by companies 10% of respondents reported such incidents. Loss or theft of mobile devices was the second most dangerous type of internal incident. In 9% of cases these incidents resulted in the loss of confidential internal company data. Overall, internal incidents involving employee actions and the use of mobile devices were the second most harmful for companies, after software vulnerabilities.
12 Mobile phones: one big threat Incidents involving the misuse of mobile devices, particularly mobile phones, were among the most dangerous threats both external and internal. The Bring Your Own Device trend, which means that company employees are increasingly using smartphones and tablets at work, has evolved significantly. However, this affects security to such an extent that mobile devices now form a separate class of threats with its own subcategories. Thus, 95% of respondents reported that at least one mobile device-related security incident had been recorded in their company in the past 12 months. In 38% of cases mobile devices were involved in leaks of important corporate data. About 33% of cases were linked to the theft of mobile phones, which can also lead to data leaks. In 25% of incidents, employees' personal data was leaked; in 22% of cases a compromised smartphone provided access to other corporate devices. Mobile threats are forcing companies to implement additional security policies for mobile devices. However, this is not yet happening in all organizations.
13 IT security policies for mobile devices Implementing IT security policies for mobile devices (such as internal corporate directives regulating the use of such devices) could significantly reduce the risks posed by smartphones and tablets in a corporate IT environment. On the whole, most of the companies which took part in the survey demonstrated that they realize this: 55% of respondents stated that IT security policies were implemented and applied in their companies to a greater or lesser degree. Another 32% of respondents reported they did not have such policies in place, but were planning to implement them in the future. At the same time, almost half (48%) of those who said they had security policies for mobile devices added that the budget increases provided in order to implement such policies had not been sufficient and another 16% stated that no extra budget had been available at all.
14 BYOD policy into the future Most survey participants recognized the so-called Bring Your Own Device trend, which involves corporate employees using their personal mobile devices (smartphones and tablets) in their work, as an inevitable phenomenon. Only 10% of respondents stated that they would step up measures to ban personal devices in the workplace. At the same time, 31% did not plan to restrict the use of personal devices by the staff. Over a third of respondents (34%) had simply resigned themselves to the trend, noting that prohibition would have little impact on the number of personal devices used by their companies' employees. At the same time, most respondents 65% identified BYOD as a threat for their business. The level of concern was particularly high in Japan, where 93% of respondents expressed apprehension. Representatives of Russian companies were the least concerned about the issue, although those concerned still made up more than half of the respondents (57%).
15 Most serious data loss incidents: external + internal + mobile The overall ranking of threats which caused leaks of important data is revealing: malware attacks, as well as a range of internal incidents caused by inappropriate staff behavior and improper use of mobile devices were the main sources of damage suffered by companies as a result of security breaches of their IT infrastructure. This financial damage can be evaluated.
16 Consequences & costs of IT security breaches: from $50k to $649k per incident on average In 2013, B2B International and Kaspersky Lab added a new section to the Global Corporate IT Security Risks survey, asking respondents to assess the financial damage suffered by their companies due to IT security incidents. The result was that, by the most conservative estimates, the average damage suffered by large companies from a single serious incident was $649,000. For small and medium-sized companies, the average damage was $50,000. A small handful of smaller companies reported lost business in the region of 5% of their annual revenue. It is worth noting that financial costs varied significantly depending on attack type. For example, for a large company a successful DDoS attack could cause $527,000 in damages. That figure rose to $2.4 million for a successful targeted attack. Important disclaimer: How estimates were performed Companies which reported in the survey that they had experienced data leaks (regardless of whether the data leaked was valuable or not) were then asked to assess the damage caused by these incidents; When calculating the final amount, only those leaks which had taken place in the past 12 months were included; Companies were asked questions about additional costs related to mitigating the consequences of an incident and preventing such incidents in the future, as well as other procedures arising from the data leak; Companies which were prepared to discuss damage from cyberattacks were asked to evaluate their own financial damage from such incidents. Using data received from these companies, researchers from B2B International assessed the overall financial damage that IT security incidents could cause, as well as damage by attack type, company size, region in which a company operates and a number of other parameters.
17 How the costs add up Additional professional services About 87% of incidents involving leaks of valuable corporate data made it necessary for companies to use additional professional services, including IT consultants, risk management experts, lawyers, physical security consultants and public-relations specialists. In 47% of cases, companies described additional costs related to these specialist services as significant. On average, the overall cost of using additional services amounted to $13,000 for small and medium-sized companies and $109,000 for large corporations. At the same time, in a small number of individual cases, small and medium-sized companies had to spend up to $350,000 and large corporations up to $7.5 million.
18 Damage to business function & reputation In 60% of cases, data leaks caused significant disruption to business operations; 53% of incidents resulted in significant damage to the affected company's reputation. In almost a third (29%) of all cases, an incident resulted in the loss of important business contacts and missed business opportunities. Opportunities missed by businesses were evaluated in terms of financial damage, which, on average, amounted to $22,000 for small and medium-sized companies and about $150,000 for large corporations. Although IT security incidents by no means always resulted in the loss of ability to operate (only a quarter of large companies surveyed reported such difficulties), the damage from such consequences can be substantial up to $63,000 for medium-sized and small businesses and up to $1.7 million for large corporations.
19 Estimated financial damage resulting from any serious data loss incident The average 'typical' damage suffered as a result of a cybersecurity incident was $36,000 for medium-sized and small companies and $566,000 for large organizations. It should be noted that the above calculations took into account the probability of different consequences of an incident taking place; they also included smaller additional costs. At the same time, these estimates did not account for relatively rare consequences of incidents such as a company being forced to offer a minimal service in the wake of an attack. The above numbers are some way short of the final costs. In addition to expenses directly related to an incident, companies had to spend money on a number of reactive measures, including attempts to minimize the chances of similar incidents happening in the future.
20 Actions taken to prevent further breaches The most common measure aimed at preventing future IT-security incidents was deploying additional software and hardware solutions to protect the IT inrastructure on average, 59% of companies turned to these measures. Additionally, large corporations invested considerable amounts of money into hiring new staff to maintain IT security and into training existing employees in methods of incident prevention. On average, recruiting additional staff to maintain IT security cost small and medium-sized organizations $9,000 and large corporations $57,000. Training set large companies back about $35,000, and for small and medium-sized companies the cost was about $7,000. Large companies spent about $66,000 on improvements to the hardware and software parts of their IT infrastructure; small and medium-sized businesses spent about $11,000.
21 Estimated reactive spend on breach prevention As in the case of evaluating direct damage from an incident, estimates of overall reactive costs did not include expenses that were not typical of the majority of companies. For example, if the underlying cause of an incident was employee negligence, it is quite possible that there was no need to upgrade equipment or software. However, regardless of the nature of specific incidents, companies will find it hard to avoid investing in staff recruitment and training, since most successful attacks were the result of oversight or lack of expertise on the part of employees. These were the expenses that made up the estimate of average 'reactive' expenses aimed at preventing incidents in the future. For small and medium-sized businesses, this figure amounted to $14,000, for large companies it was $83,000. Notably, cybersecurity incidents not only inflict financial damage, but could also deal a serious blow to a company's reputation.
22 Spread of knowledge of security breach A leak of sensitive data often means that the affected company must publicly disclose information about the incident. About 73% of respondents stated that they had to distribute information about an incident because a third party had demanded that they do so. A disclosure was most often (in 47% of cases) demanded by customers of large corporations who might be affected by the leak. In the event of an incident, a large corporation would probably have to report it to the regulator, its customers and the press, which would obviously be detrimental to its business reputation.
23 Average impact of data security breaches by region The amount of financial damage suffered by a company as a result of a cybersecurity incident varied significantly depending on the region in which the company operates. For large corporations the most 'expensive' regions in this respect were North America and Latin America, where costs could reach $818,000 and $813,000 respectively. The situation was different for medium-sized and small companies: companies from the Asia-Pacific region lost the most money $96,000 in an average incident.
24 Average impact of data security breaches by type The amount of damage that could be suffered by a company as a result of an IT security incident was also affected by the type of attack which caused the incident. Both for large companies and for those in the small and mediumsized business segment, targeted attacks were the most 'expensive'. Large corporations could lose up to $2.4 million due to an incident of this kind, medium-sized and small companies faced costs of up to $92,000. Penetration of the network infrastructure by hackers was also an extremely expensive type of attack an average of $1.67 million for large corporations and $73,000 for small and medium-sized businesses. Overall, it is obvious that successful cyberattacks can inflict real financial damage even to small companies. B2B International researchers tried to make their damage assessments as conservative as possible, which means that the actual amounts of financial damage may have been much more substantial.
25 Conclusion and Recommendations Although the majority of companies are as yet unable to assess the actual scope of cyberthreats, on the whole businesses realize the importance of effective protection. Malware, together with a broad range of attack scenarios involving company employees and their personal mobile devices, have become the main source of incidents in which companies lost valuable business data. The loss of that data could result in real financial costs which might reach millions of dollars for a single incident, not counting reputation damage, which is diffucult to assess in financial terms. Bring Your Own Device is a major technology-related concept, which has already seen significant evolution. Its influence on security will only increase in the future. Most companies already recognize BYOD as one of the main threats to data security. However, only a relatively small proportion of companies are currently prepared to respond to this threat with well-designed and effective mobile device security policies and dedicated solutions to protect and manage these devices. Based on the survey results, Kaspersky Lab offers the following recommendations, which could significantly increase the level of IT security in any organization. Investment in security IT security incidents can cause real financial and reputation damage. These losses can significantly exceed the cost of putting in place IT security tools which would help to avoid leaks of important data, downtime and other unplanned expenses. This is why it is important to invest in the security of the corporate IT infrastructure. Professional protection and management It is impossible to cope with the constantly growing number and variety of malicious programs without dedicated tools. Entire groups of cybercriminals are involved in creating and distributing viruses, Trojans and spyware. These people are prepared to invest large amounts of money into developing this dangerous software. Cybercriminals increasingly use vulnerabilities in popular software to infect corporate computers. This means that it is impossible to ensure the required level of security without an effective system which provides software updating and management of the corporate workstations on which this software runs. It is equally impossible to ensure protection without a high-quality anti-malware solution. Controlling BYOD is important The regular use of personal mobile devices by employees in their day-to-day work is already commonplace. However, the fact that this situation has become widespread does not make the threats that it brings with it any less dangerous. This means that if a company allows the use of personal devices for work, it needs to use professional solutions to manage these personal devices and protect them against malware. Policies and training The development, implementation and systematic enforcement of IT security policies in a company will make a significant contribution to its overall security. Importantly, employees, who very often become the actual sources or agents of serious data leaks, fail to comply with or accidentally violate security policies. This is why it is crucial to focus on informing and training staff in the area of cyberthreats and ways of combating them. Integrated approach The variety of security threats to the corporate IT infrastucture is so great that there is no single commercial solution capable of resolving all corporate IT security issues once and for all. Using advanced software to protect and manage the corporate IT infrastructure will make an enormous contribution to enhancing the company's security. However, to safeguard the company against all IT threats, adequate attention should be paid to all aspects of the
26 issue: be aware of changes in the area of threats and the latest protection against them, competently select and implement the necessary hardware and software, maintain a high level of employee awareness, and not just among staff whose work is IT-related. Applied together, these measures will provide the company with truly reliable protection.
Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection
DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5500 companies in 26 countries around the world
Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most
IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...
DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5500 companies in 26 countries around the world
FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world
Business Attitudes Toward Cybersecurity 2014 Contents The Main Findings... 2 Current Status of Cybersecurity in Business... 2 Business Cybersecurity Trends... 2 Methodology... 3 Current Status of Cybersecurity
Digital Consumer s Online Trends and Risks Modern consumers live a full-scale digital life. Their virtual assets like personal photos and videos, work documents, passwords to access social networking and
February 2016 BUSINESS SURVEYS 2015 The state of information security in companies in the EMEA region, and the attitudes of their IT experts and managers CONTENTS Executive summary............................
2012 Endpoint Security Best Practices Survey GLOBAL RESULTS CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Top tier organizations fare better against attacks... 8 Finding 2: Top tier organizations
Security Awareness Campaigns Deliver Major, Ongoing ROI CONTENTS 01 01 02 04 05 06 Introduction The Challenge Immediate Value Evaluating effectiveness Ongoing value Conclusion INTRODUCTION By this point,
WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding
You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect
Survey: Endpoint Security Concerns 2014 The issues keeping IT admins awake into the New Year Intro 2014 has created uncertainty for those in charge of IT security. Not only is the threat landscape advancing
the customer s point of view August, 2013 Introduction The world of digital devices is constantly changing. New gadgets, online services and applications are appearing all the time. More and more people
CRISIL YOUNG THOUGHT LEADER COMPETITION Should Information Security be an essential element of Business Strategy? PRIYANKA ARORA XAVIER INSTITUTE OF MANAGEMENT, BHUBANESHWAR MBA (2015-2017) Email: firstname.lastname@example.org
The EMEA Encryption and Authentication Markets Current Trends in the Channel whitepaper Evolving, increasingly advanced threats, the increased adoption of cloud services, mobile device proliferation, and
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
WHITE PAPER Endpoint Security and the Case For Automated Sandboxing https://enterprise.comodo.com A World of Constant Threat We live in a world of constant threat. Hackers around the globe work every hour
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
Kaspersky Fraud Prevention platform: a comprehensive solution for secure Today s bank customers can perform most of their financial operations online. According to a global survey of Internet users conducted
MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is
BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public
Survey: Small Business Security A look at small business security perceptions and habits at each phase of business growth. www.csid.com SUMMARY Many small to medium-sized businesses (SMBs) are not taking
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY Symantec 2010 SMB Information Protection Survey Global Data June 2010 CONTENTS Executive Summary...3 Methodology...4 Finding 1: SMBs serious about information
CYBERCRIME AND THE INTERNET OF THREATS www.juniperresearch.com 1 1.1 Introduction As more and more business infrastructure moves online, so do those wishing to destroy or defraud that infrastructure. Cybercrime
White Paper April 2006 Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks According to a recent Harris Interactive survey, the country s leading business executives consider
Data Loss Prevention Program Safeguarding Intellectual Property Author: Powell Hamilton Senior Managing Consultant Foundstone Professional Services One of the major challenges for today s IT security professional
Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
Protecting the organization against the unknown A new generation of threats February 2014 Contents Scope of the research 3 Research methodology 3 Aims of the research 3 Summary of key findings 4 IT security
Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
y Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost An Osterman Research White Paper Published January 2009 SPONSORED BY onsored by Phone: +1 877-21-TREND www.trendmicro.com/go/smartprotection
Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate
Exclusive 201 Survey Results IT Security Threats and Data Breaches Perception versus Reality: Time to Recalibrate Empower business through security. kaspersky.com/business #securebiz Contents Executive
Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA. What is Mobile Security? Mobile security is the protection of both personal and business information stored on and transmitted
GLOBAL IT SECURITY RISKS SURVEY 2014 DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACKS Table of Contents THE MAIN FINDINGS... 2 METHODOLOGY... 4 DDOS ATTACK FREQUENCEY... 5 FINANCIAL AND REPUTATIONAL IMPACT...
ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial
CYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC October 2014 Cyber Exposures of Small and Midsize Businesses A digital pandemic Executive Summary Gone are the days when data breaches,
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
2014 Crucial Cloud Hosting Crucial Research [WEB HOSTING SECURITY 2014] Security is a growing threat for hyper-connected and Internet-dependent businesses whose activities increasingly rely on web hosting
10 December, 2014 Identifying Cyber Risks and How they Impact Your Business David Bateman, Partner, K&L Gates, Seattle Sasi-Kanth Mallela, Special Counsel, K&L Gates, London Copyright 2013 by K&L Gates
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack
Check Point Whitepaper The Attacker s Target: The Small Business Even Small Businesses Need Enterprise-class Security to protect their Network July 2013 Contents Introduction 3 Enterprise-grade Protection
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
Policing Together A quick guide for businesses to Information Security and Cyber Crime This leaflet has been produced by the Surrey and Sussex Cyber Crime Unit Who is this leaflet for? This leaflet will
Seven Important Items to Consider When Evaluating Network Support Options Summary This guide helps business owners understand the importance of professional management of their computer networks. The reasons
Commissioned Study SURVEY: Mobile Threats are Real and Costly Introduction A lack of integrated mobile security is costing companies in terms of everything from lost productivity to lost data. Cyber criminals
Cybersecurity Global status update Dr. Hamadoun I. Touré Secretary-General, ITU Cybercrime takes a toll on the global economy - Online fraud, identity theft, and lost intellectual property; - On governments,
A Custom Technology Adoption Profile Commissioned By Trend Micro April 2014 Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions Introduction Advanced attacks on an organization
Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:
WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
Data Backup for Small and Medium Businesses: Priorities, Current Practices, and Risks November 12, 2008 How safe is small business data? As the power of computers continues to grow, more and more of the
WHITE PAPER N A Cloud-Client Architecture Provides Increased Security at Lower Cost An Osterman Research White Paper Published January 2012 SPONSORED BY sponsored by! SPON sponsored by Osterman Research,
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
Kaspersky DDoS Prevention The rapid development of the online services industry and remote customer service systems forces entrepreneurs to consider how they can protect and ensure access to their resources.
February 2015 The Danish Cyber and Information Security Strategy 1. Introduction In December 2014 the Government presented a National Cyber and Information Security Strategy containing 27 government initiatives
FIVE THINGS YOUR SCHOOL NEEDS TO KNOW ABOUT CYBERPROTECTION. Introduction As malware grows at an alarming rate, IT budgets are freezing and shrinking. Educational institutions are often forced into the
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers
2009 Antispyware Coalition Public Workshop Jeffrey Fox Technology Editor, Consumer Reports Media contact: Lauren Hackett, 914-378-2561 Background For several years, Consumer Reports has been testing and
Exclusive 201 Survey Results IT Security Threats and Data Breaches Perception versus Reality: Time to Recalibrate Empower business through security. kaspersky.com/business #securebiz Contents Executive
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers