Highlights of the 2015 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2015. The full report can be downloaded at: http://hubs.ly/y0tFbr0
2. WE WANTED TO KNOW:
o HOW PREPARED DO CANADIAN ORGANIZATIONS FEEL TO
RESPOND TO CYBER SECURITY ATTACKS?
o WHAT IS THE AVERAGE COST OF ATTACKS ON CANADIAN
ORGANIZATIONS?
o WHAT STRATEGIES AND TECHNOLOGIES ARE MOST
EFFECTIVE IN COMBATTING SECURITY ATTACKS?
o WHICH ORGANIZATIONS ARE MOST PREPARED TO DEAL
WITH AN ATTACK, AND HOW DO THEY DIFFER FROM
ORGANIZATIONS WHICH ARE UNPREPARED?
3. WE RECEIVED RESPONSES FROM OVER 600 IT
AND IT SECURITY PRACTITIONERS, FROM A
VARIETY OF INDUSTRIES, WITH OVER HALF
COMING FROM ORGANIZATIONS WITH AN
EMPLOYEE COUNT BETWEEN
250 AND 5,000
6. CHALLENGES TO ACHIEVING
CYBER SECURITY EFFECTIVENESS:
o LACK OF IN-HOUSE EXPERTISE
o LACK OF COLLABORATION WITH OTHER
FUNCTIONS
o INSUFFICIENT PERSONNEL
o LACK OF CLEAR LEADERSHIP
o INSUFFICIENT BUDGET
9. EACH INCIDENT COSTS AN AVERAGE OF
$208, 432 IN
$19,883
$29,035
$38,310
$45,177
$76,087
DAMAGE
TO
REPUTATION
AND
MARKETPLACE
IMAGE
DAMAGE
OR
THEFT
OF
IT
ASSETS
AND
INFRASTRUCTURE
DISRUPTION
TO
NORMAL
OPERATIONS
LOST
USER
PRODUCTIVITY
CLEANUP
OR
REMEDIATION
10. HOWEVER,
IT’S NOT ALL BAD NEWS.
OUR RESEARCH FOUND THAT
ORGANIZATIONS CAN TAKE
DEFINITIVE STEPS TO ACHIEVE A
STRONGER SECURITY POSTURE…
11. OUR RESEARCH IDENTIFIED A SUBSET OF THE
SAMPLE THAT SELF-REPORTED THEY HAD
ACHIEVED A MORE EFFECTIVE CYBER SECURITY
POSTURE (THEY RATED THEMSELVES AS 7 OR
HIGHER ON A 1-10 SCALE OF CYBER SECURITY
EFFECTIVENESS). THIS “HIGH-PERFORMING”
GROUP REPRESENTED 48 PERCENT OF THE
SAMPLE, AND WE COMPARED THEIR
BEHAVIOURS WITH THE REMAINING 52
PERCENT OF THE SAMPLE, THE “LOW
PERFORMERS”…
12. HIGH-PERFORMING ORGANIZATIONS:
o ARE MORE AWARE OF THE THREAT
LANDSCAPE
o HAVE A HIGHER PERCENTAGE OF THEIR
IT BUDGET DEDICATED TO SECURITY
o INVEST IN CUTTING EDGE
TECHNOLOGIES
o MEASURE THE ROI OF THOSE
TECHNOLOGIES
o AND HAVE A SECURITY STRATEGY THAT
IS ALIGNED WITH THEIR BUSINESS
OBJECTIVES AND MISSION
14. SOME OF THE SECURITY
TECHNOLOGIES SHOWING THE
HIGHEST ROI:
25%
26%
29%
44%
38%
43%
35%
41%
42%
48%
53%
58%
ENDPOINT
SECURITY
SOLUTIONS
NEXT-‐GENERATION
FIREWALLS
ENCRYPTION
FOR
DATA
AT
REST
NETWORK
TRAFFIC
SURVEILLANCE
IDENTITY
MANAGEMENT
&
AUTHENTICATION
SECURITY
INFORMATION
AND
EVENT
MANAGEMENT
(SIEM)
HIGH
PERFORMING
COMPANY
LOW
PERFORMING
COMPANY
15. THE PRACTICES OF HIGH-
PERFORMING ORGANIZATIONS
PROVIDE GUIDANCE ON HOW
ORGANIZATIONS CAN IMPROVE
THEIR CYBER SECURITY
EFFECTIVENESS…
16. PREPARE
BE MORE AWARE OF THREATS AND
ALIGN YOUR SECURITY STRATEGY
WITH BUSINESS OBJECTIVES AND
MISSION. INVEST IN A SECURITY AUDIT
TO HELP YOU DO SO.
DEFEND
ALLOCATE MORE OF YOUR BUDGET TO
IT SECURITY, AND INVEST IN
CUTTING-EDGE TECHNOLOGIES WITH
HIGH ROI. PROACTIVELY RECRUIT
EXPERTS TO JOIN YOUR
CYBERSECURITY TEAM.
RESPOND
LEVERAGE TECHNOLOGIES, PEOPLE,
AND PROCESS TO QUICKLY CONTAIN
THREATS AS THEY ARISE, AND
CONDUCT REGULAR ANALYSIS TO
IDENTIFY AREAS FOR IMPROVEMENT.