Download as PDF, PPTX
Uploaded byScalar Decisions
2016 Scalar Security Study Roadshow
The 2016 Scalar Security Study reports that Canadian organizations face increasing challenges from cyber attacks, with only 37% feeling effective in their defenses. The study highlights significant costs from these attacks, averaging $7 million annually, and emphasizes the importance of aligning security strategies with business objectives. Recommendations include investing in advanced technology and expertise to enhance security measures.
More Related Content
![Scalar security study2017_slideshare_rev[1]](https://cdn.slidesharecdn.com/ss_thumbnails/scalarsecuritystudy2017slidesharerev1-170628170828-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
![[Challenge:Future] Rallying Youth Against Cyber Crime](https://cdn.slidesharecdn.com/ss_thumbnails/challengefuture-rallying-youth-against-cyber-crime760-111125224621-phpapp02-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Similar to 2016 Scalar Security Study Roadshow
2016 Scalar Security Study Roadshow
- 1. Toronto February 25, 2016 2016 Security Roadshow
- 2. The 2016 Scalar Security Study
- 3. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 3 Purpose of the Study § How prepared are Canadian organizations to deal with cyber attacks? § How have cyber attacks changed over the past year? § What is the cost of cyber attacks to Canadian organizations? § What are the most effective ways to reduce cyber security risk?
- 4. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 4 Study Scope § 100% Canadian § 654 qualified responses § Security-savvy respondents § Medium-to-large organization focused (25% > $1B revenue) § 18 industries § Global presence
- 5. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 5 Why Canadian Data Matters § US studies reveal individual breach costs in the millions § Regulatory landscape § Different cyber attack profile in Canada § Canadian companies differ § Size § Culture § Budgets § Access to resources
- 6. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 6 Only 37% of organizations believe they are winning the cyber security war § Attacker sophistication on the rise § More attacks reported § Greater losses of data § Traditional defenses ineffective § Lack of advanced technology § Skill gap persists Overall – Lower Confidence
- 7. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 7 $7 Million Over the last 12 months, cyber security compromises cost organizations roughly § Average 40 incidents per year § 51% reported lost sensitive data § Increased concern of cyber crime § Inside threats specifically concerning § Targeted attacks on the rise § Severity § Sophistication § Frequency Attacks on the Rise
- 8. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Most Losses Are Indirect Breakdown of Losses 2015 2014 Cleanup or remediation $766,667 $676,023 Lost user productivity $950,625 $987,191 Disruption to normal operations $1,061,818 $1,101,379 Damage or theft of IT assets and infrastructure $1,638,663 $1,533,989 Damage to reputation $2,647,560 $2,586,941 Total $7,065,332 $6,885,523 § Within each category 15%-20% of respondents could not estimate the cost
- 9. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Intellectual Property Losses and Competitive Advantage 36% 33% 31%32% 30% 38% 0% 5% 10% 15% 20% 25% 30% 35% 40% Yes, I believe it has caused a loss of competitive advantage No, it hasn't caused a loss of competitive advantage Unsure 2015 2014 § 33% reported a loss of IP in the past 24 months § Criminals were ranked as “most likely” to launch an attack § Insider threats ranked very important
- 10. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Intellectual Property Losses 59% 43% 33% 30% 19% 7% 65% 46% 30% 33% 15% 8% 0% 10% 20% 30% 40% 50% 60% 70% Gut feeling Appearance of copied products or activities Emergence of new competition Soured deals or business ventures Compromised negotiations Other 2014 2015 § Average between $5M and $6M annual losses § Losses are supported by evidence of damage § Criminal activity affecting business deals
- 11. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Interesting Data on Advanced Threats 70% 26% 4% 77% 20% 3% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Yes No Unsure 2015 2014 § 70% of threats evaded IDS or AV systems § 82% of respondents reported threats that evaded AV systems § Confidence in “No” response?
- 12. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Interesting Data on Advanced Threats 80% 65% 49% 48% 46% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Web-borne malware attacks Rootkits Advanced persistent threats (APTs)/targeted attacks Spear phishing Clickjacking § Most threats are considered ”advanced” § Targeted attacks to gain access to data (loss of IP) § Users as targets § High number exploits > 3 months old
- 13. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Interesting Data on Advanced Threats 38% 54% 8% 0% 10% 20% 30% 40% 50% 60% Yes No Unsure 62% Cannot confirm that they are able to detect nor stop advanced threats 46% Unsure how to identify APTs as cause of incidents
- 14. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Interesting Data on Advanced Threats 60% 55% 44% 41% 29% 56% 49% 42% 38% 36% 0% 10% 20% 30% 40% 50% 60% 70% IT downtime Business interruption Theft of personal information Exfiltration of classified or sensitive information Nothing happened 2014 2015 § Overwhelming data that supports losses of data and business interruption § YET… 29% believe “nothing happened” as a result of APTs
- 15. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Beyond Technology 3.54 3.13 2.18 2.00 1.75 3.94 2.89 1.90 1.67 2.05 0.00 0.50 1.00 1.50 2.00 2.50 3.00 3.50 4.00 4.50 Insufficient budget (money) Lack of clear leadership Lack of collaboration with other functions Lack of in-house expertise Insufficient personnel 2014 2015 § No mention of technology (except lack of budget) § 93%-95% rank experience as qualifier for experts § Collaboration important outside of IT function
- 16. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. Beyond Technology 25% 33% 37% 23% 31% 40% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Yes, fully aligned Yes, partially aligned No, not aligned 2015 2014 37% Of Security Strategies NOT aligned with the business
- 17. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 17 § Less reliance on traditional tools § Leverage technology to achieve visibility, understanding and control § More awareness of severity and frequency of attacks § Align security strategy with business objectives Attributes of High Performers
- 18. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 18 § High performing organizations: § More aware of threats § Spend more on security § Measure ROI on investment § Report more attacks § Suffer fewer losses § Beyond the numbers Driving Successful Outcomes
- 19. © 2016 Scalar Decisions Inc. Not for distribution outside of intended audience. 19 Study Conclusions § Conduct risk and vulnerability assessments to understand probable attack vectors § Align security strategy with business objectives, and secure sufficient funding in people, process and technology § Invest in technologies that provide visibility understanding and control to detect anomalies in your environment § Invest in expert skills and specialized training for in-house teams;; or consider leveraging an external 3rd party security services firm
- 20.