The CyberEdge Group has released their 2017 Cyberthreat Defense Reportand the takeaways are pretty interesting. The CyberEdge Group is an award-winning research, marketing and publishing firm serving the needs of information security vendor and service providers.
This report is based on responses from 1,100 IT security professionals from larger enterprise companies with more than 500 employees. These companies represent 19 industries and 15 countries. Some of these key takeaways apply to all businesses and provide good reference points of focus. Of particular interest are the following:
- Attacks are on the rise. Nearly four out of five respondents had a successful cyberattack last year. One third experienced six or more successful attacks over the course of the year.
- There is optimism in the market. Though this is not a good trend. Too many organizations do not think they we will be the victim of a cyberattack. This concerns me that businesses are not taking the threat seriously enough.
- Mobile devices are the weakest link. Not enough companies are deploying mobile device management. This is not just about finding a lost device or erasing it, this is about appropriate control over company data…what is allowed on the device and what apps on the device can access that data.
- Need to focus on secure apps. This is especially true for organizations that develop their own apps. There needs to be a renewed focus on security for these apps, as well as user training on cyber risk.
- Failure to monitor privileged users. Very few organizations have the right tools in place to monitor the activity of users with administrative rights.
- Patch management concerns. This was validated by the recent WannaCry outbreak. Companies need to do a better job keeping their systems updated. Known and unaddressed vulnerabilities are the most common attack vector.
- Cyber insurance pulls its weight. Seventy five percent of organizations feel they have a good level of cyber insurance. The insurance industry has done a good job addressing this need, which also helps drive awareness and action.
A few other key findings that are worth noting are that ransomware remains the largest concern. Most companies feel they are most likely to be attacked through malware like ransomware. This again points to need for user education, to understand the risk and their role in protecting the business. As more systems move to Cloud hosted options, like Microsoft Office 365, concerns about the security of these systems grows.
In many organizations, security budgets are getting the most resources. I know one large organization that allocates more to their cyber security budget than to the entire IT budget. Another concern lies with the massive volume of security related data that even the smallest business generates. Parsing this information for actionable intelligence can be a daunting task. In addition, the volume of data requires ample and adaptive storage capacity that most business do not have. This leads to the deletion of data that could be critical in identifying the validity of an attack and it’s potential source or method.
You can read the entire report on the CyberEdge Group web site at https://www.cyber-edge.com/cdr.
Source: 2017 Cyberthreat Defense Report, CyberEdge Group, LLC.
