Businesses 'lack intelligence' required to counter cyber attacks
Report from KPMG suggests while organisations are aware of cyber threats, many aren't equipped to fight them
Businesses recognise the potential threats of cyber crime, but many aren't properly equipped to deal with a malicious attack by hackers, says a report by professional services provider KPMG.
The ‘Cyber threat intelligence and the lessons from law enforcement' report suggests the best tactic organisations can employ to fight cyber threats is to adopt the same methods as the authorities.
"Much can be learned from law enforcement and intelligence organisations. They have long recognized that intelligence-led decision making sits at the heart of their organisational culture and operations," says the report, which suggests a three-pronged method for ensuring protection against security breaches.
The three things KPMG suggests businesses must do are, firstly, "create an intelligence-led mindset" then implement an intelligence operating model before building "an intelligence-led decision-making process".
According to Malcolm Marshall, KPMG partner and head of the firm's Information Protection & Business Resilience team, following this path would help many organisations better prepare for the threat of cyber attacks.
"Increased awareness of cyber security threats is a positive trend, but indications are that organisations now need to focus on putting into place the fundamentals of intelligence management to gain real value from what they know. It's the absolute minimum required to instil confidence amongst Board members," he said.
"No organisation can dedicate resources to counter every threat. With limited public funding, law enforcement agencies have learned hard lessons in how to prioritise threats and allocate resources. Cyber threats are no different.
"It should be possible to identify core vulnerabilities and the potential impact of loss or denial of access. In other words, intelligence collection should be informed by an understanding of the priorities of assets and constantly mutating threats and vulnerabilities," Marshall continued.
"Just as law enforcement agencies use intelligence to protect the public, organisations should be doing the same to protect information assets, customer data and, ultimately, shareholder value," he added.