Connections +
News

EY identifies top cybersecurity threats in 2016


January 26, 2016  


Print this page

Cybersecurity is a growing threat for Canadian businesses, yet according to EY’s Global Information Security Survey, more than one-third (36%) of organizations still don’t believe they can detect sophisticated cyber-attacks. That number is lower than last year (56%), but the consulting firm says it is still a concern as the level of sophistication in attacks continues to increase. Because of this, Canadian organizations in both public and private sectors are collaborating to respond to this threat more effectively and in a timely fashion.

“With the recent increase in adoption of threat intelligence services, we are seeing businesses start to take a very different and more proactive approach to information security,” says Abhay Raman, EY’s Canadian cyber security leader. “The future will see more persistent, multi-vector targeted attacks on operational technology environments versus mass attacks.”

As organizations strive to understand cybersecurity, these are six trends to watch in 2016, according to EY:

  1. Cyber threats from the interconnected world         

Approaches to cybersecurity will need to encompass the Internet.

  1. Growth in digital identities

Organizations must rethink how they recognize and treat identities by establishing robust data ownership and date protection policies.

  1. Hyper-regulation leading to a more complicated landscape

Organizations risk becoming so focused on complying with different requirements they won’t be able to develop an overall strategic and balanced approach to cybersecurity.

  1. Criminal marketplace will become increasingly professional

Organizations should conduct a tailored threat assessment aligned to protect their most valuable data, and establish mitigation measures around vulnerabilities for access to it.

  1. Traditional models for defense are no longer adequate

Leading organizations need to look for ways to proactively engage their highest risk adversaries and protect critical data assets.

  1. Advanced “active defense” to detect and respond to advanced cyber-attacks

By applying “active defense” techniques and leveraging security analytics, organizations will be able to shift the paradigm from reactive to proactive.

“The key to effective use of threat intelligence lies in relating it to business context quickly, or face the inevitable drowning in a sea of irrelevance,” says Raman. “Companies need to consider how to filter the useful information from the useless. In other words, they need to plan for this onslaught of data before they are buried in it.”

According to EY’s survey, the two top information security threats are phishing (44%), and malware (43%). EY, meanwhile, has five recommendations for businesses to protect their employees and information:

  1. Identify the real risks (employees, hackers etc.)
  2. Prioritize what matters most
  3. Govern and monitor performance
  4. Optimize investments
  5. Enable business performance.