Article
Central Asian Information Security Survey Results (2014)
Insight into the information security maturity of organisations
With a focus on cyber security
Based on the results of the largest information survey in Central Asia (2014) undertaken by the Deloitte Caspian region, it is evident that developing security awareness at all levels is needed in order to make Information Security Programmes more effective. Almost 60% of the respondents indicate that senior management’s commitment should be increased and almost 80% of the respondents indicate that employee awareness should be increased in order to improve the effectiveness.
From September to November 2014 Deloitte performed its first “information security survey” in Central Asia to better understand the current state of information security programmes and governance structures at organisations in the region. The survey covers various industries and addresses how organisations view, formulate, implement and maintain their information security programmes.
The number of information security incidents has been increasing globally, ranging from passive monitoring of communications to close-in attacks. Undoubtedly, the recent Sony Pictures cyber attack, which involved hackers accessing some of the corporation’s most confidential data, has garnered a lot of media attention, as did amassive data breach at JPMorgan Chase & Co. that ended up in 76 million records being stolen. Another example relates to the company “Home Depot” where credit card details of 56 million customers where syphoned, using Malware installed on cash register system.
Central Asia has also seen a number of security incidents making it to the news, However compared to other regions, the number of attacks appears to be limited and for the ones that have been reported, little information is available on the actual impact. According to the responses in this survey, approximately 65% of respondents have not experienced cyber attacks directed at their organisation.
Although the number of publicly known cyber attacks appears to be small, this does not mean that organisations in the region are immune, and could ever be existing under a false sense of security. Given global trends and the increased number of attacks and attention given to cyber security, it could very well be that Central Asia may become the next target for hackers in the near future. When -not if -this happens, organisations need to be prepared.
Executive summary
The survey identified the five most relevant conclusions on the current state of information security programmes (cyber security) in Central Asia, as follows:
1. Majority of companies have not been exposed to cybersecurity incidents.
2. Information security policies, procedures and responsibilities are mostly in place and defined.
3. Insufficient controls to ensure third parties, (i.e. vendors / partners), comply with appropriate security standards.
4. Awareness of business (senior) management and end-user around cybersecurity risks is insufficient.
5. Though basic security measures are in place, more advanced solutions are uncommon.
Download the full report to gain a more detailed insight on survey findings.