New research commissioned by IP EXPO Europe, Europe’s number one enterprise IT event, has uncovered that 47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago. This was identified as the biggest cyber security risk in the future (27%), followed by attacks to national infrastructure (13%).
In light of this newly perceived risk, more ‘traditional’ cyber threats such as malware, ransomware and DDos are rated as a lower risk, with only 11%, 10% and 9% of ITDMs respectively noting these threats as the biggest risk. Perhaps unsurprisingly, this has led to an overwhelming 94% of respondents demanding that the UK Government spend more on national cyber security.
Unsurprisingly, 43% identified cyber security as one of the main technology themes for enterprises in 2017, with 89% of respondents admitting worry about being the victim of a security breech. However, almost a third (29%) are even more worried than they were 12 months ago, indicating concern over rising threat levels.
In addition, the research revealed concern over the rising threat level. Not only have 52% of ITDMs had to deal with at least one cyber attack on their organisation in the last 12 months, 67% think that the threat level has increased in the last year. In fact, 32% would rate the current threat level as 21 to 30% higher than previously. Technology developments in areas such as AI (22%) and cloud (49%) are identified as increasing exposure to cyber security threats.
“The fact that cyber security is a rising concern amongst ITDMs solidifies what we have been hearing from our exhibitors for years – that cyber attackers are getting smarter so it’s becoming increasingly more difficult for organisations to keep up with the evolving attack styles,” commented Bradley Maule-ffinch, Director of Strategy for IP EXPO Europe. “At IP EXPO Europe we’ve always been focused on ensuring that visitors can learn about the biggest technology problems of the moment and how to address them. For many, cyber security is top of the agenda and this year we’ve built an extensive program to address all aspects of this so that organisations can better keep their assets secure.”
Not only are UK ITDMs dealing with increased threat levels, many also claim they are continuing to face resourcing and skills issues. 29% are more worried about having enough resources to keep their business safe from cyber threats than they were 12 months ago, whilst 27% think that cyber security skills are going to be the most in-demand STEM skills in the future.
In light of these results, it is unsurprising that 16% expect to spend over 50% of their IT budget on cyber security and 25% will spend 11 to 30%. Conversely, an astonishing 18% saying they don’t expect to allocate any budget to cyber security solutions in the next 12 months.
IP EXPO EUROPE EXHIBITOR COMMENTS:
Simon Townsend, Chief Technologist at Appsense: “Sometimes it’s the simplicity of the attacks and the change in how users work which can be a big risk. Many will argue attacks are more sophisticated than they have been previously. Sure – they are more targeted; the level of social engineering is somewhat more sophisticated; in some cases, they are programmed to be extremely clever to bypass existing protection systems, but the initial attack itself is typically simple and mainly down to a busy, naive or unaware user simply clicking an email or link.”
Townsend continues: “In addition to this, users are more mobile than ever, they time slice their personal and work time using phones, PC, tablets and laptops for both social and business use. This desire to be quicker, more productive, get things done faster and from anywhere means that the simplistic attacks prey on those who are just ‘quickly checking their phone’ or ‘quickly catching on up emails in between TV shows in their living room’.”
Jean Turgeon, head of networking, Avaya: “In today’s connected world, cyber security impacts everyone. Every time you connect to any kind of tech infrastructure you face potential threats – this doesn’t mean we should be paranoid about security, but the fact remains that threats are increasing. The old approaches of relying on perimeter defense and rule-based security are now inadequate, especially as organisations move to the cloud. In the near future virtual intelligence will play an important role in combatting cyber security. Imagine an enterprise whose infrastructure is under cyber attack, it’s easy to see how an automated business workflow could be triggered as the attack is detected, enabling the system to take the necessary action to either redirect, isolate, quarantine, or even stop the attack – and notify a government security agency to also take action.”
Mandi Walls, EMEA Technical Community Manager at Chef: “Much of the debate around cyber security is focused on combatting external threats, from cyber criminals to corporate espionage, which is entirely appropriate. Yet there are often more prosaic, emergent threats that can come from the evolution of a company’s own processes. Take Automation, for example. The day-to-day (non-Google and Tesla) world is already far more automated than most people think. From bank loans to Netflix recommendations, companies in every sector are using this technology to increase the velocity of their services and the sheer amount of business outputs. But the only way to go faster, safely, is to build in security and compliance as you go, i.e. to design checks and safeguards into your workflow and processes as they change, and before they go live. Businesses that don’t do this risk accelerating into all kinds of trouble, exposing themselves to some of the biggest risks out there – without even realising it.”
Shannon Simpson, CEO at CNS Group: “Cyber terrorism is increasingly high on the agenda for the UK government, following the rise in attacks seen on the ground in the last few years. If cyber terrorism appears on the threat landscape for an organisation, i.e., where the potential attacks might be coming from, or who it is targeting, it’s imperative that the same steps are followed; classify your critical data, discover where it is stored and understand the impact of losing or not being able to access it. This process should be the core of any cyber strategy, both in the government and businesses across the UK. The report shows that cyber terrorism is just one of many growing issues in today’s threat landscape. It’s important to take a holistic view of your network and continuously monitor the security of your crown jewels, whether that is critical data, industrial control systems or national infrastructure.”
Graham Jones, UK managing director at Exclusive Networks: “Every system has a weakness and, despite all the advanced technology protecting networks, the one area that is most concerning is the human interface and the insider threat. It’s not to say malice is involved either, most scams exploit people’s trust and innate helpfulness. But, the combined potential effect of the naïve (like the US case where an FBI phone operator gave Dept. of Justice network access to hackers), the malicious, the disgruntled, the whistleblower (Snowden), the coerced and the plain criminal is enormous. The human cyber interface has never been so blurred, nor vulnerable. “
Mike Fletcher, Account Manager at Laser 2000 UK: “Security experts agree that the rapidly changing nature of malware, hack attacks, and government espionage practically guarantees your IT infrastructure will be compromised. The question is not whether your corporate network will be compromised, but what to do when the breach is detected. From it being a DDoS attack to a rogue employee opening a back door, the greatest risk is not having an adequate Application Performance Monitoring solution in place to quickly identify the business critical elements of the network and applications that have been compromised in a cyber attack.”
Ojas Rege, Chief Strategy Officer at MobileIron: “The most concerning cyber security risk never changes, no matter what the technology. Security is only as strong as your weakest link. And the weakest link is usually the human. The human weak link creates two challenges. First, the malicious insider continues to be the top security threat in any organisation and yet another reason why applying artificial intelligence to identify and learn from patterns of use is important in mobile security. Second, though IT continues to be the primary line of defence, a well-intentioned but out-of-date IT professional can unfortunately do more harm than good. The mobile threat landscape is constantly changing, and PC security fundamentally does not apply to the modern architectures and use cases of mobile and cloud. Security strategies that try to apply PC and premises-based defences to mobile use cases will overestimate legacy threats and underestimate the new generation of threats. Malware continues to evolve. Apple and Google are constantly fighting threats like XcodeGhost, KeyRaider, YiSpector, and the increasingly pervasive threat of ransomware, which typically locks device access until a ransom is paid. 95% of businesses have no protection against mobile malware, leaving them vulnerable, but even more importantly, many organisations have taken a surprisingly lax attitude to mobile security and lack even the basic protections.”
To register for IP EXPO Europe 2016 (5th – 6th October, Excel London) for free please visit www.ipexpoeurope.com where you can also find additional information about this year’s keynote and seminar sessions, including speaking times. Find us on Twitter and join the discussion using #IPEXPO.