Most organizations have developed cyber security measures for battling today’s mounting threats, yet many admit their businesses remain seriously at risk.
That’s according to new research published last week by NetEnrich, an IT infrastructure and operations management services provider. NetEnrich collected data for its study in October, polling 150 IT professionals on their companies’ cyber security measures for handling potential strikes. While the study revealed 82% of the companies have a plan for handling attacks, about a third of the surveyed respondents noted critical vulnerabilities in their hardware and software systems.
“I always say, ‘Security is not a sprint; it is a marathon,'” said Vikram Chabra, solution architect at NetEnrich, based in San Jose, Calif.
Although NetEnrich found that cybersecurity readiness plans were prevalent among respondents, the objectives of these plans varied. Half of the respondents said attack prevention was the main goal of the plan, while the other half cited a mixture of recovery of loss from attacks, organizational response to attacks and business continuity throughout attacks.
The research findings also highlighted that companies are trying to safeguard their organizations against multiple threat sources. The most likely instigators of cyberattacks were employees, rogue or otherwise, according to 53% of respondents. Additionally, 18% cited non-employees working as part of a “group” as a likely source of cyberattacks, while 15% pointed to non-employees working alone. Four percent indicated state-sponsored organizations as potential threats.
In addition, more than 40% of respondents said they have been victims of a cyberattack, a finding that Chabra said stood out.
The causes behind these breaches were wide-ranging. The top three causes that respondents indicated were stolen or weak passwords, cited by 26%; followed by testing and monitoring systems failure (21%) and advanced persistent threats (15%). Respondents also attributed breaches to employee error, cited by 14%, and lost equipment such as laptops and mobile devices, by 7%.
When NetEnrich asked respondents if the attacks could have been avoided, respondents identified a few different measures they would have taken. Forty-three percent said a better cyber security policy would have thwarted the attack, while 37% cited better tools and methods for testing and monitoring. Twenty-one percent believed they could have prevented the attacks if they had better communicated security policies to their employees.
One of the drivers compelling organizations to adopt cyber security measures, the study suggested, may be the high costs of falling victim to cybercrime. The majority of the survey-takers said the average cost of a breach today is between $50,000 and $100,000.
Other findings of the NetEnrich study included that 66% of organizations contract with third-party consultants or managed security service providers to develop or implement security plans. Sixty-nine percent said the services were “very helpful.”
Chabra noted that companies may have some cyber security measures for managing attacks but many aren’t thinking beyond prevention. Companies should increasingly focus on continual monitoring and detection, he said.
Additionally, he advised that all channel partners, whether value-added resellers or IT service providers, ensure they include security capabilities in all their offerings.