Cybersecurity Insight

The Hard Facts About Cyber Security

3 Jun

Cyber security is one of the most talked-about topics in boardrooms and IT departments across the globe. Every day cyber thieves discover new ways to stealthily infiltrate and attack entities of all shapes and sizes. With data security and online privacy now entrenched in practically all aspects of everyday business and society, the question that needs to be asked is: what actions are these companies taking to keep their clients safe from security vulnerabilities?

In the 2015 Cyberthreat Defense Report, CyberEdge surveyed over 800 qualified IT security decision makers from organizations with 500+ employees to ask about their perceptions of cyber security and how they combat, or plan to combat, potential threats. The report provided some eye-opening findings about the current state of cyber security at most of these organizations.

According to the study, companies are investing more resources into IT, especially for security measures. Mobile was one of the biggest concerns that they voiced. The majority of the companies stated that they had neither the adequate investment capital nor the tools to properly monitor cyber threats. A few major findings from the report included:

  • For two years in a row, mobile devices have been perceived as the weakest link in IT security.
  • Almost 33% of respondents stated that they lacked the tools to inspect SSL-encrypted traffic.
  • Less than a quarter of respondents said that they were confident their organizations have adequate investments to monitor user activity.

What this study found was that companies are becoming more cognizant of potential cyber threats to their clients' security. This could be due to the fact that 70% of respondents had already been the victims of some form of cyber attack. These companies now recognize the risks and have begun to make a greater effort to combat potential vulnerabilities. Accordingly, virtualization technology and next-generation firewalls were the top-ranked technologies planned for acquisition in 2015.

Despite increased awareness among executives and IT, the concern of people in these departments continues to grow. Employee ignorance of security flaws and vulnerabilities could be considered the biggest weakness in safeguarding against cyber attacks.

Lack of necessary budget was listed as a major concern, as IT departments are already stretched thin. Protecting against malicious software or simple user errors is becoming an increasingly difficult and expensive task. Are the concerns of IT staff warranted?

  • Less than 40% stated that their organizations conducted full-network active vulnerability scans more than once per quarter.
  • Only 20% responded that they were confident that their organizations had made adequate investments in educating users on ways to avoid cyber attacks.
  • BYOD (Bring Your Own Device) initiatives are slated to double this year, thereby increasing the potential for security breaches.

The study found that many companies were beginning to take adequate measures to protect their clients and themselves against potential security breaches. What was worrisome, however, was that the vast majority of these reported companies were grossly unprepared. Underfunding and a lack of cyber security education among clients and employees were the two main causes of weak attack prevention.

So, what will these companies be doing in the future to mitigate risk?

  • 62% say IT security budgets are expected to rise in 2015.
  • Over 66% of respondents were attempting to replace or augment current protection tools.

It appears as if most companies are, at minimum, taking the initial steps to strengthen their cyber security. However, these upgrades and system overhauls often take time, money, and a certain level of security expertise that can be hard to find with limited resources and knowledge.

A combination of education, awareness, and preventative planning goes a long way to thwart cyber threats. The best thing a company can do is to be cognizant of its security weaknesses through security testing. In knowing these weaknesses, it becomes imperative to take preventative measures against any threat that could arise.