• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

How do you rate? Industries with the worst cyber security

June 30, 2014 by Secure360 and UMSA

shieldA recent study done by BitSight rated the cyber security performance of four different industries: finance, utilities, retail and healthcare, and pharmaceutical. BitSight provides companies with security ratings based on continuous analysis of external data on security behavior, communication with botnets, malware distribution and more. The recent study revealed some interesting security holes. Here are a few of the top findings.

Finance

Finance came in with the best cyber security rating from BitSight. The duration of security incidences was shorter than the other industries, suggesting that they have a better response time than other industries.

Despite the good rating from BitSight, Larry Zelvin, a top Homeland Security Department official, recently urged the financial industry to get more serious about combatting cyber security attacks. Zelvin suggested that the industry feels cyber attacks are something they can buy themselves out of, and that’s just not true. He encouraged the industry to have more employees dedicated to cyber security. Efforts are being made to improve the cyber security framework, and to better communicated about security issues.

Utilities

Many of the companies studied in the utilities industry were high performers when it came to cyber security. Executive-level focus on cyber risk and industry regulation likely help the utilities industry do better with cyber security than some of the other industries studied. Executive-level focus on cyber security likely means bigger budgets as well.

Also strengthening the utility industries ability to manage cyber security risk is their focus on sharing information about threats. The industry is working on ways to share information with each other without making themselves more vulnerable for attack.

The financial and utility industries treat security as a strategic, not a tactical issue, which, in part, accounts for their high scores in cyber security.

Retail

If you’ve been paying any attention to the news, it probably won’t surprise you that retail’s cyber security has declined. The number of security incidences increased by nearly 200% in the past year.

Despite the poor rating given by BitSight and the regular news about retail breaches, a Tripwire survey found that retailers are overconfident about their breach detection abilities. 60% of retailers feel confident about breach detection, yet industry research shows that breaches go undetected for weeks, months and even longer. However, 42% survey respondents thought they could detect a data breach within 48 hours. The numbers don’t add up, and with retail being the number one target for cyber criminals, the retail industry needs to do better.

Healthcare and pharmaceuticals

Similar to retail, cyber security is declining in the healthcare and pharmaceutical industry as well. The study found many companies were underperforming. They saw the largest increase in security incidences during the study and the response times were slow. Reasons for the poor rating include weak encryption practices, poor authentication practices, insecure communications and a lack of key management.

What can we learn from these findings? When it comes to cyber security, your organization should treat it as a strategic issue and get high-level buy in, visibility and support. Roadblocks matter. Encrypting data and having secure access will help keep data protected. Be prepared for all that to fail, so if your organization is breached, you have a plan of action and can respond quickly.

If you want to see the full BitSight report, you can download it here.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 22 hours ago

  2. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 3 days ago

  3. Secure360 Conference
    Secure360 Conference: Seize the opportunity in the post-covid world to create a DevSecOps culture. Read how in a blog post by #Sec360 Gol… https://t.co/Hk5HrDRtcP
    about 3 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.