A study by KPMG Advisory, in collaboration with FireEye, exposes major pain points in this area. 80% of companies surveyed were not able to prevent breaches, despite antivirus programs, spam gateways, and other best practices. Of the firms that were compromised, none had sufficient capability to detect the breach. Modern threats are not being detected and too often go unnoticed. Malicious software comes in many forms and is a major threat to the security and integrity of Belgian companies.
Brussels, 1 September 2015 - Hacking of information systems occurs frequently, and the annual cost of cybercrime in Belgium is estimated at a whopping 3.5 billion euro*. Over a period of eight months, KPMG Advisory, in collaboration with FireEye and Exclusive Networks, studied the extent to which 10 large Belgian companies from seven different sectors were victims of cyber attacks. The results of the study were frightening: eight of these 10 companies were, without knowing it, infected with active malware that remote attackers were able to communicate with.
"Most companies surveyed were unable to prevent intrusions into their network, either via antivirus, spam gateways, or other tools," says Senior Cyber Security Specialist Jordan Barth of KPMG Advisory. "Even afterwards, the companies affected could not detect the infiltration. The risk of losing important data that can damage their competitive position, their reputation, and their business is quite substantial. Moreover, it takes a lot of time to investigate the problem and to resolve it."
"It is therefore of utmost importance that companies view information security as a top priority for the whole enterprise and not just the IT department. The known preventive measures may not be able to intercept all the intrusions, but a defensive approach does support overall resilience. However, this should not result in a false sense of security, and continuous tests and simulations remain necessary," Barth adds.
Because prevention is never 100% guaranteed, companies must be prepared for an intrusion: they should install controls that limit the attacker's capabilities, and determine how they will detect such an attack and remedy it.
How can a company better protect itself against cyber attacks?
Some tips to help protect an organization from external attacks