Hack Proof: Best Practices to Improve Cybersecurity.

• Author: Vollmer, Sabine
• Position: Tech Talk

Cybersecurity remains a significant concern, despite the progress companies worldwide have made in the past two to three years building up corporate shields against breaches, EY research suggests.

A majority (87 percent) of more than 1,700 C suite, information security and IT executives EY polled worldwide said they lacked confidence in their company's level of cybersecurity. They arc most worried about poor user behavior around mobile devices such as laptops, smartphones and tablets 7:! percent), unauthorized access 5 1 percent and the inability to identify suspicious traffic over networks that connect an increasing number of devices (49 percent).

"Boards and C suites are becoming more informed," says Marco Bodellini, CPA/CITP, CGMA, an internal auditor and consultant in New Orleans. "They're realizing that spending money on cybersecurity--buying a whole bunch of software and hardware, hiring an expert or two--doesn't mean you don't have to worry about it."

Cybersecurity Risks Persist

Effective services and tools that companies can use to resist cyberattacks exist and cybersecurity budgets are increasing, but more than half (57 percent) of the participants in the EY survey reported recent, significant cybersecurity incidents. Spotty compliance with policies and guidelines or insufficient policies create vulnerabilities.

More training and awareness are needed to prevent employees from clicking on links that download malware. And password policies are frequently too lax or not followed.

More than 60 percent of respondents in the EY survey considered budget constraints an obstacle to better cybersecurity. But more money doesn't necessarily translate into more security.

To balance budget constraints with security demands, companies should focus on identifying and classifying their data based on their level of importance to determine the level of protection needed. Additionally, not only should companies perform regular maintenance, such as timely vendor patch updates, but also risk assessments to determine vulnerabilities. Companies should ensure contemplated software and hardware purchases are aligned with the organization's IT governance policies and enterprise architecture requirements.

Also, hiring skilled IT people may improve cybersecurity, but 56 percent of respondents to the EY survey said lack of skilled resources is the second biggest challenge for corporate cybersecurity operations behind budget constraints.

Best Practices

Companies...