What CISOs need to learn from Wipro’s cyber security report 2017

Wipro cybersecurity report 2017Wipro’s State of Cybersecurity Report 2017 focusing on CISOs say data breaches once made public, resulted immediately in high peaking of negative sentiments on social media against the enterprise concerned, indicates the post facto twitter sentiment analysis.

56 percent of breaches reported had user credentials (passwords) as part of the types of data stolen, implying that further damage could be perpetrated using the stolen data.

The increase in the number of records stolen in 2016 was 53.6 percent against 2015, said Wipro in its State of Cybersecurity Report, 2017.

The State of Cybersecurity Report, 2017 was developed after interviewing the CISO teams of 139 organizations across various industry sectors. The survey covered 11 countries in North America, Europe, APAC, Middle East and South Asia to evaluate trends in security practices.

Angler, RIG, Nuclear were some of the most common types of exploit kits used by cyber criminals.

Cyber Defence Center (CDC) data analysis points out that 56 percent of all the malware attacks that have taken place in 2016 were a result of Trojans. Viruses and worms accounted for 19 percent and 20 percent respectively.

Other types of malware threat categories like PUA, adware and ransomware, together, though accounted for only 4 percent of attacks, often can lead to significant damages.

A majority of the security products were vulnerable to exploitation and CISOs will be required to keep track of vulnerabilities in the security products themselves.

Emergence of Internet of Everything “surfaces” like connected cameras, cars, health and industrial automation devices proves to be a great launch pad for the “hacking for hire” industry.

Some of the emerging IoT devices come with a low memory and processing footprint accommodate very little security capabilities including patching. Such devices, once “online” with an IP address, are easy prey for sophisticated hacking syndicates.

The report notes that the responsibility for governance of data privacy is still highly centralized, lying with either the CIO, CISO or CPO for 71 percent of organizations. Managing privileged access to data was ranked as the highest control amongst data security controls.

“Cyber security has become very critical to identify risks near real-time and empower stakeholders to take actions and decisions based on priority,” said Sheetal Mehta, global head, Cybersecurity & Risk Services, Wipro.