That begins with laying a foundation for security, starting with conducting a security assessment, creating a roadmap and getting board-level support. Unfortunately however, more than half those surveyed by Ernst & Young said their organizations are challenged by a lack of skilled resources, and 43 percent said their total information security budget will stay roughly the same in the coming 12 months despite increasing threats.
According to the report, companies should treat cyber-threats as a core business issue and put in place a decision process that enables quick preventative action. In addition, businesses should seek to understand the threat landscape as well as their key assets. Finally, the report recommends focusing on incident and crisis response, testing the organization’s capabilities regularly and use any information gleaned from attacks to evolve its security.