Cyberthreat Defense Report Outlines Security Challenges
Those of us who work in IT security know cyber threats are on the rise, so much so that it feels like we are under siege. Breach, hacker, ransomware, and state-sponsored attackers are all buzzwords that can give a CISO chills. Sure, big data breaches draw big headlines, but is perception really a reality? Now we have hard proof.
Research firm CyberEdge Group recently announced the publication of its fourth annual Cyberthreat Defense Report (CDR). The Cyberthreat Defense Report is a comprehensive review of the perceptions of 1,100 IT security professionals representing 15 countries and 19 industries. This report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks against today’s complex cyberthreat landscape.
This study provides a 360-degree view of organizations’ security threats, current defenses, and planned investments. Consistent with findings in CyberEdge’s prior three annual reports, the 2017 report finds that network breaches are rising and malware is more troubling than ever. The report also found that 61 percent of responding organizations were compromised by ransomware in 2016, while the percentage of organizations affected by successful cyberattacks reached an all-time high.
Key insights from this year’s report include:
Nearly four in five respondents’ organizations were affected by a successful cyberattack in 2016, compared to 62% three years ago, with a full third being breached six or more times in the span of a year. Close to 60% think it is somewhat likely to very likely that their company will suffer a successful cyberattack in 2017. With so many reported attackers, and over half predicting future attacks, companies need to adhere to best practices of data-centric security to protect their data.
Mobile devices weakest tech component
For the fourth consecutive year, mobile devices are perceived as IT security’s weakest link, closely followed by other end-user computing devices.
Patch management woes
Fewer than a third of respondents are confident their organization’s patch management program effectively mitigates the risk of exploit-based malware. This echoes the results of the HPE Security Research Cyber Risk Report 2016, which found that patches, a stopgap measure in and of themselves, are only effective if end users install and apply them.
Threats keeping CISOs up at night
Out of ten types of cyber threats, malware, phishing, and insider threats are the top three that give IT security the most headaches.
Held hostage by ransomware
Six in ten respondents indicated that their organization was victimized by ransomware last year. Of those affected, 33 percent paid the ransom and recovered their data, 54 percent refused to pay but successfully recovered their data anyway, and 13 percent refused to pay and subsequently lost their data.
Microsoft leaving the door open?
With two-thirds of respondents not fully satisfied with Microsoft’s security measures for Office 365, the door remains open for third-party security solutions. (See our recent blog on our email encryption solution that is a natural complement to Office 365, enhancing its security, privacy, and usability capabilities.)
Security budgets still rising
Despite stabilizing as a percentage of organizations’ overall IT budgets, nearly three-quarters of IT security budgets are expected to rise (again) in 2017. This is indeed good news, as without adequate funding, no IT security team stands a chance of keeping pace with the ever-growing and changing cyberthreats it is likely to face. More worrisome, though, is the vertical industry that’s not keeping pace: government, with both the lowest rate of respondents expecting a budget increase (46.8%) and the highest rate expecting a budget decrease (10.9%).