
Cyber security report: UK manufacturing industries fall behind expectations

ForeScout Technologies : 22 July, 2014  (Technical Article)
Sponsored by ForeScout Technologies, the 2014 Cyber Defence Maturity Report is independent research conducted by IDG Connect during May and June of 2014. Survey respondents included 1600 IT information security decision makers in organisations of more than 500 employees, spanning five industry sectors in the US, the UK and the German-speaking region of Europe (DACH). A key finding of the report is that more than 96% of organisations experienced a significant IT security incident in the past year. But of greatest concern to UK manufacturing is that it is below average in maturity (awareness of threats), yet likely to invest less than other sectors and other countries.
The need to improve security management is evidenced by the growing number of industry and regulatory compliance frameworks specifying security measures and how sensitive information is protected both on and off-premise. Network complexity, exposure diversity and threat velocity are challenging security operations. But organisations don’t know where they stand and where they are going without a baseline. The 2014 Cyber Defence Maturity Report is designed to fill this gap by illustrating the nature of security threats and the extent of defence maturity.
The report offers key insights into the nature of the security issues impacting organisations; the perceived maturity of process, controls and tools applied to preempt and contain exposures; the state of confidence in security operations; and the most likely areas for future improvement and investment. 
The majority of IT organisations are aware that some of their security measures are immature or ineffective, but only 33% have high confidence that their organisations will improve their less mature security controls. Also evident in the results is that more than 43% perceive problem prevention, identification, diagnosis and remediation to be more challenging than two years ago, citing the increasing operational complexity and threat landscape as affecting security capacity. 
“We are pleased to sponsor the 2014 Cyber Defence Maturity Report conducted by IDG Connect. The findings provide a useful snapshot of the state of exposures, controls and investment across global regions and industries,” said Scott Gordon, chief marketing officer at ForeScout. “The independent research clearly validates the need for continuous monitoring, intelligence and mitigation capabilities, such as are exemplified in ForeScout’s pervasive networks security solutions.”
Finding Highlights
  • One in six organisations have had five or more significant incidents, and 39% have had two or more incidents. And while confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment, compared to where incidents have been most impactful.
  • Top security incidents comprise phishing, compliance policy violations, unsanctioned device and application use, and unauthorised data access.
  • 40% report that security management tasks are more challenging now than two years ago, specifically problem prevention, diagnosis, identification and remediation.
  • The most frequently cited security issues are from malware and advanced threats, application and wireless security, network resource access, unsanctioned application and personal mobile device use, and data leakage.
  • The control practices indicated as relatively immature are personal mobile device usage, perimeter threats, inventory management and endpoint compliance, virtualisation security, rogue device and application security. However, only 54% of respondents said they are somewhat confident of the likelihood of improvement over the next 12 months.
  • Over 61% cite low to no confidence on network device intelligence, maintaining configuration standards and defences on devices, and ensuring virtual machine and remote devices adhere to policy.
  • The top five security technologies perceived to have the greatest interoperability value are firewalls, anti-malware, network access control (NAC), mobile device management (MDM), and advanced threat detection (ATD).
  • In the UK, the manufacturing sector suffered from more security incidents, whereas the health sector was below the worldwide aggregate level. In line with the general trend, healthcare in the UK is less mature than manufacturing. Both verticals in the UK are less mature compared to the worldwide average (=US).
Industry and Regional Highlights
  • Malware and APT attacks are rated as a top priority across all industries and regions, yet it appears that there is lower likelihood of investing further resources to reduce perimeter threats.
  • Significant compliance policy violations that consumed a large amount of time to recover from occurred an average of 2.6 times in the last 12 months across all three regions, but more in the US than in the UK and DACH countries.
  • The manufacturing, education and finance sectors in general appear more prone to phishing attacks, while the healthcare sector is more likely to experience higher than average compliance policy violations. An exception is the manufacturing vertical in the UK, where unsanctioned application and device use, compliance policy violations and zero-day malware show more incidents.
  • Healthcare is more concerned about data leakage monitoring issues than manufacturing, education, retail and finance. Compared to the other verticals in the UK and/or security concerns, data leakage monitoring is by far the most important issue to healthcare. But in the DACH region, unsanctioned device and application use and system breaches appear more problematic.
  • Financial institutions are subject to more incidents caused by phishing attacks, compliance policy violations, unsanctioned application use, and data leakage, and overall find problem remediation more challenging compared to other sectors.
  • When it comes to policy definition, technical controls and mitigation capabilities, the education sector in general appears the least mature, while the financial sector appears the most mature. In the UK, the financial sector also appears to be the most mature, but here it is the healthcare sector that appears to be less mature.
  • Countries in the DACH region have less confidence in improvements to inventory management tools than their counterparts in the UK and US.
  • Governance, Risk management, and Compliance (GRC): 78% of respondents cite BYOD as having an impact - while the retail sector appears to be more progressive on BYOD security, in general, European respondents cited data wiping and encryption as having a higher impact. 


Figure captions:
  • Top Left: Top security incidents and IT security management problems
  • Top Right: Significant security incidents in past 12 months - only 4% of respondents reporting no incidents of significant impact
  • Right: Inadequate visibility means security gaps
  • Below Left: IT security management capabilities - industry and regional differences
  • Below Right: Likelihood that low-rated security measures will improve (regional differences). Note: investment level in UK appears to be below average