The cyber threats facing trucking continue to pile up – go here, here and here for just a few examples – the defenses needed to repel them don’t seem to be improving very much.
In fact, recent analysis by global consulting company Accenture indicates that we’re rapidly reaching a “turning point” where cybersecurity is concerned – and it’s not a good one, either, according to Kelly Bissell, managing director of the firm’s Accenture Security division.
“While organizations have improved their security over the last few years, progress has not kept pace with the sophistication of highly motivated attackers,” he noted in a statement.
[FYI: Fleet Owner is helping host a trucking-focused webinar on cybersecurity. Click here for more details.]
“A new approach is clearly needed; one that protects the organization from the inside out and across the entire industry value chain,” Bissell added. “And the start of this must be a new, more comprehensive definition of what constitutes cybersecurity success based on impact to the business.”
Here’s the problem: even as the frequency and scope of serious cyberattacks is rising, nearly three quarters of global organizations polled by Accenture, some 73%, cannot identify and fully provide digital protection to their corporate high-value assets and processes.
Indeed, only one in three of the 2,000 global companies surveyed by the firm – just 34% – said they have the ability needed to monitor for digital threats to critical parts of their business.
Accenture analyzed the results of its cybersecurity survey in collaboration with Oxford Economics and dug up with some unsettling findings:
- Globally, the average organization displays “high performance” in just 11 of the 33 cybersecurity capabilities analyzed. At the top end of the scale, only 9% of organizations managed to achieve high performance in more than 25 of the 33 cybersecurity capabilities.
- The U.S. ranks just fifth on the list of countries with adequate cybersecurity defenses, with the typical company having high performance in 12 of the 33 capabilities.
- In line with its overall ranking, Accenture said the U.S. displays “average performance” across the remaining cybersecurity capabilities with the exception of governance and leadership where it ranks second overall in creating a security-minded culture (53%) and in cooperation with third-parties in cybersecurity “crisis management” practices (42%).
Even corporate information technology (IT) security professionals themselves don’t think their cybersecurity defenses are up to snuff, apparently.
Based on an online poll conducted by enterprise security firm Centrify at the 2017 RSA Conference in San Francisco, only slightly more than half of those IT experts polled (55%) stated they believe their company’s current investments ensures solid cybersecurity for their companies.However, when Centrify pressed about which of the 15 different identity and access management (IAM) best practices they use, many fell short on implementing enough of them to warrant a confidence score.
Among 15 different IAM best practices, organizations are most likely to enforce single sign-on (68%), adaptive multi-factor authentication (43%), least privileged access (44%), no sharing of privileged accounts (36%), and using a secure remote without the need to use a virtual private network or VPN (35%).
Depending on the IAM best practices employed, respondents received an IAM maturity score, Centrify said – with level one being the “least mature” and level four being the “most mature.”
Yet only 20% of IT security professionals polled received a level four IAM maturity score, meaning they conduct audits with confidence and are, according to a related Forrester Consulting study, some 50% less likely to experience a breach and more likely to spend 40% less on technology.
The other 80% received a lower IAM maturity score, meaning they are likely to experience two times the number of data breaches and $5 million more in IT security costs, noted Bill Mann, chief product officer for Centrify.
Additionally, Centrify’s poll found 26% of respondents still share passwords, despite an increase in breaches, with 78% admitting to being the victim of a phishing email.
“The lack of confidence in corporate cybersecurity directly correlates to most organizations having a low maturity score,” Mann explained. “Passwords are the number one security problem in the world [and] organizations really need to employ better IAM practices to stop such breaches now.”
One thing’s for sure in all of this, especially where trucking is concerned: there are a lot of cybersecurity holes that need filling sooner rather than later.