PALO ALTO, Calif. (PRWEB) September 20, 2018
The cyber risk landscape is quickly evolving, but organizations are slow to catch up with the new threat landscape. Organizations are still organized to focus primarily on more traditional cyber risk management, and are not updating their processes and policies or investing in tools and technologies to comprehensively address the latest and fastest growing threats coming from digital and social media. While there has been a rise in organizations investing in tools and technologies to specifically identify and address social media risks, this still represents a minority, and companies are not organized or properly resourced to comprehensively address cyber security in a digital world. Only a small fraction of companies have a fully mature, optimized, resourced program to comprehensively address and manage today’s cyber risk landscape. These were among the key findings of a survey of more than 250 companies across a wide range of industries to track how they perceive and manage digital and social media risks today.
“The 2018 State of Digital and Social Media Risk Management,” now in its second year, was conducted by JEM Consulting & Advisory Services, a Silicon Valley-based management consultancy focused on digital and social media. The study, sponsored by Proofpoint, highlights trends and best practices for digital and social media risk management and provides a useful resource for teams responsible for managing the growing number and types of digital and social media risks in their organizations.
Key findings include:
Cyber risk is evolving. Some of the fastest growing digital risks organizations face today include angler phishing (specifically, fraudulent customer care responses on social media that phish unsuspecting customers for their username and password credentials) and domain fraud (the registration of spoofed branded domains by cyber criminals looking to phish unsuspecting customers for their username and password credentials). Organizations are also challenged to effectively manage compliance-related social account sprawl and profile monitoring to assess the risk and safety of key executives on social media and the dark web.
Organizations often focus on more traditional cyber risks and are not investing to address the latest and fastest growing threats coming from digital and social media. When asked to rank their biggest digital risks, survey participants ranked email security, malware and website security as their top three concerns. Phishing attacks ranked number five, imposter social media accounts ranked 13th and domain fraud ranked 17th. While there has been a rise in organizations investing in tools and technologies to specifically identify and address social media risks (an 8% increase since 2017), this still represents a minority. Less than half of organizations (41%) invest in any tools and technologies to help mitigate social media brand, security and compliance risks.
Senior leadership and boards need to better understand the current digital risk landscape. According to the 2017 – 2018 National Association of Corporate Directors (NACD) Public Company Governance Survey, boards have a high level of discomfort with cyber-risk management. Only 12% of board members believe their boards possess a high level of cybersecurity knowledge and only 37% feel confident that their companies are properly secured against a cyberattack. This finding was reinforced by JEM’s study. One survey respondent commented, “You must have the C-suite on board. Ours got burned a couple of years ago and that was the fire we needed to get moving on it.”
This year’s survey also asked about General Data Protection Regulation (GDPR) compliance, and discovered that many organizations either overestimate their GDPR compliance or underestimate the need to comply. Respondents were asked about their GDPR-readiness. Forty-one percent of respondents said they were ready and 38% said they would be ready. Nine percent said they didn’t believe that GDPR was relevant to them and three percent were not aware of GDPR. Only nine percent of respondents said they were not ready to comply with GDPR by the deadline. Yet, more than a quarter of respondents did not have a data protection or privacy program or any programs to educate their employees about data security, privacy and data protection policies and risk mitigation just a few weeks prior to the May 25th GDPR-compliance deadline.
“Cyber risks are ever evolving and cyber risk management must evolve as well to truly ensure security, privacy and data protection,” stated Jen McClure, CEO, JEM Consulting & Advisory Services. “Organizations can improve their digital risk management by focusing on people, process and technology. Senior leadership and boards need to better understand the evolving cyber risk landscape and the importance of protecting their organizations from digital and social media risks in addition to more traditional cyber threats. Organizations must make training and education for employees a priority and consider creating a Digital Center of Excellence or Digital Governance Center to provide a framework to think and act comprehensively and collaborate and communicate across departments and functions. And organizations must make investments in new tools and technologies to proactively identify and manage advanced attacks delivered via email, social media and mobile apps.”
“Cyber criminals are looking for every possible way to exploit an enterprise. As security teams protect against these emerging digital threats, relevancy and automation are key to filtering out noise and delivering actionable threat detection in real-time,” added Dan Nadir, Vice President of Digital Risk, Proofpoint.
About JEM Consulting & Advisory Services
JEM Consulting & Advisory Services is a Silicon Valley-based management consultancy for the digital age. JEM works with its clients to help them gain a competitive edge through digital and social media strategy, enablement and governance. For more information, visit http://jem.consulting.