A new IT survey shows that 81 percent of organizations said they experienced an increase in cybersecurity challenges in the past year, with respondents telling US Signal that of these, 40 percent experienced at least one security incident in that time period, while 13 percent did not know if they had.
In the age of the security breach, such a high number (13 percent) should actually be closer to zero, but the "Health of the Nation" survey suggests that organizations are not only experiencing breaches, but they are doing so at an alarming rate.
The survey featured responses from about 120 security experts from a number of sectors, including technology, healthcare, education, food services and logistics.
"After 12 months of major hacks like the Equifax breach, the WannaCry and NotPetya ransomware outbreaks, and the Spectre and Meltdown flaws in Intel chips, the findings reflect this surge in threats and demonstrate a need for stronger investment and education," the company’s survey authors reported.
Likewise, respondents said their top three security challenges included protecting against email-related threats like ransomware, malware and phishing; managing legacy systems with little or no security updates available; and ensuring the company is always up to date with patches and updates.
Of the three, qualified security experts in any of these organizations shouldn’t have much trouble working through these issues. Legacy technology may create some hurdles, especially if the technology is intertwined throughout an organization. This can easily be made a priority to be addressed, but it doesn’t appear to be the case.
Education may be required by leadership of employees and how they might want their organizations to handle suspicious emails, but those efforts should be a given at this point; and managing critical patches should be a routine task of any IT team.
In other words, the top three security challenges for organizations don’t need to be challenges at all given the relativity of their low-hanging fruitiness.
The survey aptly points this out: "These findings imply users still do not understand email security best practices and that many organizations could benefit from increased phishing and internet safety education programs. It is also evident that patches and updates are now top of mind, as many of the last year's biggest breaches were achieved through the exploitation of unpatched vulnerabilities."
"Knowing how real and damaging the threats are, organizations need to re-inforce their security postures by educating employees about vulnerabilities like email threats and software patches to protect their sensitive data from attacks," said Trevor Bidle, vice president, data protection officer and information security and compliance officer at US Signal.
"Companies must invest in the right talent and solutions to meet strict regulations … and defend against threats like aggressive new ransomware strains."
Per the survey, businesses are trying to address emerging threats in a variety of ways: about 60 percent rely on a small internal IT teams; 50 percent work with an IT service provider; 27 percent employ a security team; 21 percent invest heavily in new technologies; 4 percent simply do nothing at all.
Meanwhile, investment varied. About one-third of organizational respondents said they think they invest the correct amount of money annually to protect against breach. Another third said they need to spend more. Based on these results, that seems likely.
