Download PDF version Contact company

More than half of organizations (52%) consider phishing attacks or ID and credential theft as the top concern in Q3 2020, according to data released by Pulse Secure (acquired by Ivanti), the renowned provider of Zero Trust Secure Access solutions, and CyberRisk Alliance, a business intelligence company.

Additionally, more than one-third of respondents (38%) across all regions experienced unauthorized or improper resource, application or data access, with North American organizations (39%) significantly more likely than Europeans (26%) to have encountered related data exfiltration, anomalous or malicious traffic.

Proactive security allocation

The Cybersecurity Resource Allocation and Efficacy (CRAE) Index, created by CyberRisk Alliance (CRA) and underwritten by Pulse Secure, is a quarterly, time-series tracker that measures the overall focus and direction of North American and European organizations’ cybersecurity activities, spending, and perceived progress over time. Scores above 50 indicate a spending or efficacy increase and scores below 50 show a spending or efficacy decrease.

Compared to the previous quarter, overall resource allocation and spending on IT security rose

Compared to the previous quarter, overall resource allocation and spending on IT security rose (66.5 in Q2 compared to 66.7 in Q3). In contrast, overall efficacy dropped (75.8 in Q2 compared to 74.2 in Q3), indicating that the increased expenditure did not result in a higher perception of improved security results. In North America, spending remained flat between Q2 and Q3 (66.5), but with a greater allocation towards reactive versus proactive security allocation.

cybersecurity technology

In contrast, the European CRAE Index showed an increase in quarterly spending and allocation (68.4 in Q3 compared to 66.5 in Q2) that focused on more proactive measures, with a similar reduction in efficacy (dipping to 74.4 Q3 from 74.9 Q2). The score was higher (by 1.9 points) for Europe than for North America, possibly propelled by organizations advancing the European Union’s General Data Protection Regulation (GDPR) safeguards.

  • Healthcare experienced strong growth for cybersecurity resource and spending allocations globally

Healthcare resource allocation and spending growth accelerated in Q3 by 5.8 points to an index score of 69.6 points. The expansion was driven by protection measures, which jumped 8.7 points to an index score of 75.2, including cybersecurity training and awareness programs, developing processes to secure digital and physical assets, and purchasing or implementing cybersecurity technology.

IoT security issues

In terms of cybersecurity challenges, phishing and identity/credential theft were most impactful

Additionally, the “Protecting” Efficacy Index rose by 7.6 points to 80.6, mostly driven by related protection efficacy, where healthcare organizations shared increased confidence in the effectiveness of their resource and investment allocations since Q2. Healthcare industry respondents highlighted budgetary constraints, a trend continuing from Q2, as their primary challenge to combat rising threats and address elevated risks from untrained staff and employee carelessness with highly sensitive data.

In terms of cybersecurity challenges over the last quarter, phishing and identity/credential theft were most impactful for healthcare respondents (54%), with external compliance and audit events (33%), and endpoint malware and IoT security issues (32%) rounding out the top three.

Security efficacy response

  • Financial services and insurance industries concentrated on recovery

Financial services resource allocation and spending dipped to 67.4 from 68.2 in Q2, along with efficacy that declined 3.2 points in the quarter (from a 77.3 to 74.1 index score). These changes in index levels indicate a slowdown in the spending growth and waning optimism in security effectiveness during Q3.

The only efficacy component that increased was “Recovering,” which includes developing/executing recovery plans and procedures, coordinating communications during recovery activities, and implementing improvements based on lessons learned. Respondents cited an increase in security efficacy response, which jumped 2.9 points, suggesting increased growing optimism about recovery plans and future improvements.

Data theft and corruption

Manufacturing resource spending rose 1.2 points to 67.8, and efficacy rose 2.3 points to 75.1 quarter over quarter

Challenges for this sector in Q3 included increased external threats, business disruption, data theft and corruption, leaks, and lack of new system innovations. Phishing was the top cybersecurity threat (59%), with web and cloud attacks (48%) and internal compliance and audit events (41%) rounding out the top three.

  • Manufacturing showed increased confidence in new strategies and regulations

Manufacturing resource spending rose 1.2 points to 67.8, and efficacy rose 2.3 points to 75.1 quarter over quarter. There was an above-average point increase of 3.8 in “Responding,” which indicates that firms are focused on developing response strategies, policies and controls to prevent future attacks.

Risk management strategies

The manufacturing industry’s 3.7-point increase in efficacy of “Identifying” is consistent with increased confidence in improved asset management plans, risk management strategies and governance programs for this sector. Work from home requirements due to the pandemic impacted manufacturing firms, with many respondents indicating positive changes to improved security policies within their organizations.

Even with such improvement, phishing and ID/credential theft was the top cybersecurity threat (52%), with internal compliance and audit events (45%) and endpoint and IoT threats (42%) rounding out the top three for manufacturing.

Secure digital assets

  • High tech and business services saw slower growth in every sub-index category

High Tech and business services spending dropped 3.8 points to 64.1, as did efficacy by 7.3 points to 72.4. All five NIST components as relayed by survey respondents saw slower growth for spending allocation and efficacy in Q3, with the largest drop of 12.3 points occurring in efficacy for “Protecting,” which includes cybersecurity training/awareness, developing processes to secure digital and physical assets, and purchasing or implementing cybersecurity technology.

Efficacy sentiment for four out of five activities also increased, although at a slower pace in Q3

Even though respondents noted increased attacks in number and scope, as well as increased sophistication and adaptability of adversaries, this industry sector saw slower growth in every sub-index category - indicating a softening resource expansion. Interestingly, phishing ranked as the lowest concern (42%), with endpoint malware and IoT security (46%), web or cloud application attacks (45%), and insider threats and anomalous users (44%) rounding out the top three.

Other findings

The accompanying CRAE report noted that: “Overall, three out of five NIST sub-index component index readings (“Identifying,” “Protecting,” and “Recovering”) rose in Q3 as organizations reported increased resource and spending allocations for proactive cybersecurity approaches, such as process improvements, system and software upgrades, and increased employee awareness and training.

Efficacy sentiment for four out of five activities also increased, although at a slower pace in Q3. “Recovering” efficacy expanded slightly faster on average, reflecting increased confidence of respondents about their initiatives to recover from information security events and breaches.

Information security leaders

“This is a useful piece of cybersecurity research that gives IT and information security leaders directional insight into what is happening on the ground from a peer and industry perspective,” said Mike Riemer, Chief Security Architect at Ivanti.

“The findings highlight that organizations are furthering security investments in proactive technologies to address expanded threats due to increased remote workplace requirements, and that security practitioners need to further their focus on optimising processes and controls to turn the tide of efficacy confidence.”

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

Why Access Control Is Important
Why Access Control Is Important

When we talk about security, people are often quick to jump to conclusions and picture bouncers, heavy steel doors and alarms that go off as soon as a door is opened. Access control is in fact one of the most common and least invasive methods of adding extra security to a home, communal or business premises – controlling who is able to enter a space based on the use of entry codes, key fobs, and/or access cards. Communal flats and office blocks are where access control is often an important factor in keeping the building secure, though private residences also have their own lowkey methods of access control with burglar alarms and personalized codes. With that said, what is it that makes access codes so effective across so many spaces – and why are they so important in today’s society? Benefits of access control Every time you visit an office space, enter a block of flats, or drive into a gated community, you will likely be faced with restricted access and a code pad – plus a button to ring through if you are a visitor. This is a prime example of access control, whereby the owner of the premises has installed a gate or security door which requires a code to enter from the outside. Pressing the request button puts you through to a controller who can then either grant access or deny access. The primary benefit of access control is that it ensures that a space remains secure Some of these code pads have cameras so that the controller can see the visitor – some just have a microphone and speaker. The primary benefit of access control is that it ensures that a space remains secure – only visited by those who are granted access. This restriction helps to keep residents and property safe, not only deterring burglars but ensuring that they are unable to gain entry without permission. Access control panels Some of the examples of access control panels in use include: Private car parks, granting access to employees or residents or paying guests based on the location. Communal buildings and flat entranceways, granting access to residents. These kinds of access control panels will have multiple buttons, one for each flat so that guests can buzz and speak to their contacts. Offices, granting access to employees and their guests. Another key benefit of access control is that entry and exit data can be tracked Another key benefit of access control is that entry and exit data can be tracked, and data can be used for anything from tracking the use of a building, to understanding and logging when individuals have entered and left the premises. For those who have ever watched a Detective drama, you will know how crucial this kind of data can be to determining alibis! Replacing lost keys Inhouse, this can also be useful in identifying who is around when an incident occurs, and in ascertaining how many people are in the premises in the event of a fire or emergency situation. On top of knowing when individuals are accessing certain spaces, access controls can also be used to restrict access to spaces during certain time periods – for example at the end of a shift, or overnight. This is most often found in commercial spaces and car parks, as private residences will grant access at all hours to residents. Access control plays an important role in security and can impact everything from your insurance bills and insurance cover to the amount you spend on replacing lost keys. By keeping certain spaces restricted, only granting access to those who are supposed to be there for work or through their private residence, you are able to keep individuals safe and protect them from the effect of theft. Preventing unlawful access Access control is particularly crucial in tracking the movement of employees should an incident occur In a workspace, access control is particularly crucial in tracking the movement of employees should an incident occur, as well as making the life of your team much easier in allowing them to move between spaces without security personnel and site managers present. It can also reduce the outgoings of a business by reducing the need for security individuals to be hired and paid to remain on site. For a private homeowner or flat owner, access control is what grants you the privacy and security that you deserve in your own space. Whether the control is placed on the outside of a bin store, car parks, communal entrance way or your own personal flat, creating barriers to prevent unlawful access can make a private residence more appealing to tenants or homeowners, and can also provide information and data about who has entered a building and when. Vacant property security The value of access control is that there are a range of solutions according to your budget, your requirements, and the way that you intend to use access control across your site or inside space. For the most part, access control is considered to be a cost effective way of increasing security, cutting back on personnel while ensuring that access is only granted to those who are supposed to be a specific space. The value of access control is that there are a range of solutions according to your budget According to construction site and vacant property security company Sicuro, access control systems with a built in camera are becoming increasingly popular, particularly on the exterior of a building when it comes to granting access to visitors – as those inside can see who is asking to be let in. Managing access control Meanwhile, across inside workspaces and sites, access control managed by pin numbers or fingerprints is often sufficient. Access control is an important part of modern security, ensuring that everywhere from office spaces to private residences are protected from unwanted or unlawful visitors. For the most part, access control is managed automatically, tracking and storing data on who has entered and exited a specific space and at what time – though some examples are tracked and managed manually (for example in a school reception or private residence).

Open Options Paves the Way for New Customers in Access Control
Open Options Paves the Way for New Customers in Access Control

For more than 22 years, Open Options, Addison, Texas, has developed access control solutions that connect to leading security technologies to deliver a full-scale solution based on each customer’s unique needs. In 2018, Open Options was acquired by ACRE, which already owned the Vanderbilt and ComNet brands. To find out the latest, we interviewed Chuck O’Leary, President of Open Options. Q: It has been two and a half years since Open Options was acquired by ACRE. Briefly describe that transition and how the company is stronger today because of it. O’Leary: The ACRE transition really focused on integrating our access control solution, DNA Fusion, with Vanderbilt Industries technologies in order to further our reach in the market and enhance our portfolios. With their support, we have been able to accelerate innovations and expand our global reach. Overall, it has been a great experience to be a part of the ACRE organization, and it has opened the doors to new opportunities for us both here in the states and globally.  Q: What is "Connect Care" and how does it benefit integrators and/or end user customers? O’Leary: For those unfamiliar with the world of access control, it can often be a little overwhelming when first introduced; however, we strive to make our products as easy to use and intuitive as possible, with Connect Care being no different. Connect Care is a system that has been specifically designed to create the most connected experience in the security market Connect Care is a system that has been specifically designed to create the most connected experience in the security market. It serves as a 24/7 bridge from our customers to services like technical support, platform support, professional services, and training. By providing these options for our customers, we can better empower them with the knowledge and expertise of our DNA Fusion access control system and ensure their success with the product.  Q: Who are the new customers entering the market for access control systems in the wake of the pandemic, and how should they be approached/managed differently? O’Leary: Over the last year, there has been a huge demand for access control systems as remote work increased due to COVID-19, and even now, as employees and students are heading back into the offices and schools. Organizations are realizing that having an outdated security system is no longer robust enough for the rapid advancement of technology that we witnessed over the course of the pandemic, and really the past few years. For those who are just dipping their toe into a new access control deployment, the most important thing they can do is to search for a provider who has a solution that is easily integrated, scalable, and provides excellent training and resources. Q: Define the term "touchless access control" and explain why it is gaining a higher profile in the post-pandemic world. O’Leary: The interesting thing about access control is that it has almost always been touchless. Many organizations are looking for robust solutions that are touchless and can be utilized remotely, and it's fairly easy to understand why a solution like this would become widely popular because of COVID-19. Integrators are searching for access control systems that will serve as a proper solution for organizationsThe process of using access control to streamline security infrastructures is not a new concept by any means, but due to the rapid development in technology over the past few years, more integrators are searching for access control systems that will serve as a proper solution for organizations, while still supplying the touchless and remote-based features. Q: What do you see as the future course of the changing technology trends we see in today's market (such as mobile credentials, cloud-based systems, cybersecurity, etc.)? O’Leary: As we continue to tread through the different technological developments in the market today, we are noticing that mobile credentials and biometrics are becoming increasingly popular. As cybersecurity and mobility continue to become more important, we are also seeing the rapid jump to the cloud. By utilizing cloud-based systems, an organization is not hindered by a lack of storage or old software and gains the flexibility to scale their security system as their business grows. Q: How will the access control market look different five years from now versus today? What about 10 years from now? O’Leary: Within the next five years, I suspect that access control will continue to make the move towards cloud-based systems and utilize mobile credentials and biometrics. In 10 years, I think all access control will be open platform and many more organizations will embrace cloud solutions for increased functionality. Also, innovations will continue to be the drivers behind new deployments with some installations being biometrics only and include recognizing fingerprints, retina scans, facial recognition, and voice. Q: What is the biggest challenge currently facing the access control market, and how should manufacturers (including Open Options) be addressing the challenge? O’Leary: One of the biggest challenges facing the physical access control market is organizations actually making the shift to more up-to-date access control systems. Organizations are looking to adopt more digital-focused access control experiencesOrganizations are looking to adopt more digital-focused access control experiences — ones that are focused on integration, newer features, cybersecurity, and ease of monitoring. Access control manufacturers should be addressing this challenge by creating integratable, scalable systems that are easily managed and provide a structured, streamlined approach for an organization’s security infrastructure. Q: What is the biggest misconception about access control? O’Leary: Access control is not a one-size-fits-all solution, and some organizations might have different standards or assets that need protection. This is why it's vital to know the risks your organization faces when speaking with access control providers — to ensure the best possible outcome for your specific needs. It's important to remember that whatever access control system is chosen should proactively mitigate any risks, be easily taught to and successfully used by employees, and be scalable with your organization. No matter the line of work, a proper access control system should streamline the security infrastructure and lessen stress on the security team and employees.

Automatic Gates – The Latest Development In Access Control
Automatic Gates – The Latest Development In Access Control

Automatic gates remain an increasingly popular security choice for family homes, business premises or public buildings – anywhere that full control over access is needed. While there is much to consider for installers when advising clients on the right solution for their property, from the size, weight and cost of a gate system, it’s useful to be aware of the latest developments in the market, as this can help to find the right option to fit their needs. The need for speed Gates can be automated to either swing or to slide open, and there are many factors to take into consideration, when advising on which option to use. However, swing gate motors tend to be slower than the speeds achievable for sliding gates, which means the latter are usually more popular, especially for commercial sites where timing can be among the more important factors. One of the most recent developments in the sliding gates market is the introduction of faster motors One of the most recent developments in the sliding gates market is the introduction of faster motors, such as those from Bft Automation, which allow for opening and closing at a quicker speed than has previously been achievable. Fast authorized access control From a security point of view, the ability to allow people and goods in and out of a property at a quicker pace reduces the risk of unauthorized entry, while waiting for a gate to close – an important consideration in both commercial and residential contexts. Other benefits of a faster motor include reduced waiting times. This can be particularly useful for properties in busy areas, where a vehicle could risk blocking traffic, while waiting to turn into a site controlled by a slower gate. Faster motors Also, a faster motor could potentially reduce the risk of an accident from vehicles entering a property at speed. For example, this might happen if someone was making their first visit to a property situated off a fast road in an unfamiliar area. Beyond these practical considerations, in today’s fast-paced world, people aren’t as used to having to wait for things and this applies to the time it takes to get in and out of their own property. So, security benefits aside, faster motors are likely to be more appealing for clients who have sliding gates fitted to their domestic property and who prioritize convenience. The choice of which of the new faster motors to use will be impacted by a number of factors, including the weight of the gates. Essentially, the lighter the gate is the higher the speed achievable. And, as always, it’s important to make sure that any installation complies with safety regulations. Intelligent torque management systems A further development in access control technology includes intelligent torque management systems A further development in access control technology includes intelligent torque management systems, which update the level of torque required to perform the gate’s operation, allowing it to work at the optimum level, regardless of weather conditions, temperature or the degree of wear and tear on the device. Depending on the typical weather conditions experienced at the site and the anticipated frequency of use, it’s worth looking at options that take these factors into account. Importance of security rights In some scenarios, it’s important for particular individuals to have security rights. In which case, there are motors available that come with personalized keys, which are unique, providing an additional level of security. Installers often face the challenge of fitting gate motors in confined spaces, potentially making for a time consuming and technically demanding task. Available space When you only have a small space to work with, simple details can go a long way to helping you. For example, by putting the fastening screws on the front of a motor’s casing, installation and maintenance are easier and more convenient, even in particularly compact areas. Working with suppliers that offer more than just a manual means you’ll have access to advice and support on how new products work in practice and what you need to consider before advising on an installation.