Cyberattack volume continues to increase, but many of these attacks go unreported, according to Monday’s 2019 State of Cybersecurity Study from IT and cybersecurity association ISACA.
Of the 1,500 cybersecurity managers and practitioners surveyed globally, about half reported an increase in cybersecurity attacks on their organization this year. Nearly 80% said it is likely that they will experience an attack next year, the report found.
The fear of employee errors causing cybersecurity breaches is well documented. Also concerning is the finding that only one in three cybersecurity leaders reported having high levels of confidence in their cybersecurity team’s ability to detect and respond to cyberthreats.
“Many teams are missing the attacks that significantly impact organizations because they don’t have the size or expertise to keep up with the attackers and are overwhelmed. Moreover, their existing security tools and processes are segregated and seldom work in tandem, leaving the teams staring at multiple consoles and drowning in alerts and incidents.” – Renju Varghese, fellow and chief architect of cybersecurity and GRC at HCL Technologies Ltd.
NS Tech rounds up the research announcements coming out of the first day of Infosecurity Europe. Two highlights include:
The insider threat is even greater than we thought: Security companies have been warning customers about the risks their employees pose for years, but new research commissioned by Deep Secure reveals the true scale of the threat. A survey of 1,500 people carried out on behalf of the vendor found that nearly half of British workers would be willing to sell corporate data to external parties and one in four would do so for just £1,000.
Security professionals are more stretched than ever: The cyber skills shortage has been a common theme at Infosec in recent years, but despite industry and government initiatives to address the issue, security professionals are more stretched than ever. A survey of 300 security workers in British organisations employing more than 500 people found that 70 per cent have considered quitting their jobs because they do not have enough resources to stem the tide of attacks. One in two warned that staff shortages were the biggest threat to their defences.
“The insider threat is far greater than many businesses would have believed,” Deep Secure chief executive Dan Turner told NS Tech. “We were quite shocked [by the findings].”
SolarWinds released findings from a new IDC® White Paper, Affordable Tools and Shared Responsibilities Define Midmarket IT Security Trends. Based on a survey of both IT and non-IT respondents on their organization’s cybersecurity practices, the paper reveals that organizations are prioritizing security in terms of budget and tool adoption, but are vulnerable to even greater risks that exist within their organizations.
Specifically, nearly 62 percent of survey respondents cited user errors as the top cybersecurity threat within the company, claiming that user mistakes contributed to the largest attack exposure. Of these insider threats, more than half of survey respondents reported that regular employees (rather than executives or those with privileged access) pose the biggest risk for insider abuse or misuse.
BeyondTrust today launched the fourth edition of the company’s 2019 Privileged Access Threat Report, which explores the visibility, control, and management that IT organizations have over employees, contractors, and third-party vendors with privileged access to their IT networks.
According to the report, 64% of respondents believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they’ve had a breach due to compromised vendor access.
Poor security hygiene by employees continues to be a challenge; writing down passwords, for example, was cited as a problem by 60% of organizations, while colleagues telling each other passwords was also an issue for 58% of organizations in 2019.
Ultimately, 71% of organizations agree that they would be more secure if they restricted employee device access. However, this isn’t usually realistic, let alone conducive to productivity.