2013 Cybercrime trends for Irish organisations

2013 CYBERCRIΜΕ TRENDS for Irish organisations All Irish security brcach data is referenced from: Irish Information Sccurity and Cybercrime Survcy 2013, Dcloitte & EMC Organisations surveyed? IT Managers in multinationals, Irish 65% of these organisations have an annual organisations and subsidaries turnover/budget >€250 million 10 15 20 25 | Financial Services IT Education I Government/semi-state | Telecoms Consultancies Health Insurance Legal Other How many security breaches occurred at these organisations? >1 >10 @ 28% of organisations @ 40% of @ 9% of organisations organisations What type of security breach occurred? | Hacking (19%) DoS/DDOS (14%) Malware (12%) Physical attack (5% ) Social engineering (9%) No breac hes (34%) Other (7%) What were the costs of these security breaches? €135k 2.7% €30k was the average cost to Irish Cybercrime costs Irish organisations on average 2.7% of their turnover was the average clean-up and remediation cost organisations for a security breach in 2013 every year Major challenges to combating cybercrime? Only 33% identified combating cybercrime as an active priority 45% considered compliance as the main driver for investment I Evolving technologic al threats (30%) Employees (24%) Lack of funding (13%) | Lack of understanding at board level (12% ) Adequate review of risks before introducing new technologies (21%) 63% How prepared are Irish organisations for security breaches? of organisations are either partially equipped or not equipped to detect security breaches 49% 47% 67% rate their ability to deal with have a reactive security breaches as fair or poor security monitoring strategy have not looked into cyber insurance 10 practical steps to reduce the risk of cybercrime* 12 Mobile User Education Incident Managememt Develop a mobile working policy & train staff to adhere to it. Protect data in transit and at rest. Produce user security policies covering use of the Establish an incident response & data recovery capability. Produce & test incident management plans. Report incidents to law enforcement. organisation's systems. Establish a staff training programme. Risk Management User Privileges Removable Media Establish an effective governance structure. Analyse and quantify risk levels associated with all data. Establish account management processes to monitor user activity. Limit the number of privileged accounts. Delete old Develop policy to control all access to removable media. Limit media types. Scan all media for malware before importing to corporate system. accounts. Monitoring Secure Configuration Malware Protection Establish a continuous Apply security patches & ensure that all ICT systems are securely configured & maintained. Establish anti- malware defences. monitoring strategy of allICT systems & networks. Analyse logs for unusual activity. Implement scans. Produce and continually update policy on malware. 10 Network Security This Infographic was prepared by Protect networks against internal & external attacks through security controls such as firewalls. Manage the network perimeter. Filter out unauthorised access & malicious content. Monitor & test security controls data conversion direct For more please visit: http//:www.dataconversion.ie *10 Steps to Cyber Security. UK Government Communication Hcadquarters, Department for Business Innovation & Skills and Centre for the Protcction of National Infrastructure, 2012. of