By Darren Guccione, CEO and Co-Founder, Keeper Security
Major shifts in workplace models and norms, including the move to hybrid and remote work, have transformed the cybersecurity landscape over the past two years. This groundshift comes as the volume and severity of cyberattacks continue to intensify. At Keeper Security, we recently surveyed IT decision-makers at companies and organizations across the U.S. to glean their perspectives on the increased risk of cyberattacks and what their businesses are doing, or failing to do, to address the growing threat of bad actors.
The results, published in the 2022 U.S. Cybersecurity Census Report, revealed that investment in cybersecurity tools, employee education, and cultural shifts within organizations is critical for IT leaders to protect their businesses from cybercriminals.
An uptick in cyberattacks and increased severity
Cyberattacks severely impact businesses of all sizes and sectors and show no signs of stopping or slowing down. Survey respondents expect cyberattacks to intensify over the next year, with 39% predicting the number of successful cyberattacks will also increase. Yet, 32% lack a management platform for IT secrets.
U.S. businesses experience 42 cyberattacks on average each year, and the financial, reputational, and organizational repercussions are increasing. Many organizations reported being unable to carry out critical operations (23%) and losing contracts (19%), among other harmful impacts. Of those businesses that experienced monetary losses, the average amount was more than $75,000, and 37% of organizations lost $100,000 or more.
Lack of preparedness and investment in cybersecurity tools
Despite awareness of growing threats, organizations fall short in cybersecurity investments and tools, leaving them ripe for attack. An alarming one-third (32%) of IT leaders lack a management platform for IT secrets, such as API keys, database passwords, and privileged credentials.
Fewer than half (48%) of respondents have plans to invest in password management, visibility tools for network-based threats, or infrastructure secrets management, despite the devastating repercussions of even one stolen password. Stolen passwords and credentials continue to be the root cause of countless high-profile data breaches and cyberattacks.
Prioritizing cybersecurity in organizations
Our survey revealed that IT leaders believe they’re prepared to fend off this onslaught of cyberattacks, with 64% of respondents rating their preparedness at least an eight on a 10-point scale. At the same time, however, most respondents (57%) say it is taking longer to respond to attacks, which is particularly troublesome given the expectation that this problem will continue to grow. Internal and external threats are increasing with the shift to hybrid and remote work. An overwhelming 79% of IT professionals are concerned about a breach from within their organization, with 39% of respondents seeing rising external threats as one of their top three concerns.
While cybersecurity is a key priority, staying a step ahead of bad actors poses a continuous challenge, and many businesses are not keeping pace. Most respondents (71%) reported making new hires in cybersecurity over the past year, and 58% are increasing cybersecurity training. Yet, while investment in cybersecurity is growing, cybersecurity is not a high enough organizational priority. Fewer than half (48%) of respondents state they have plans to invest in password management, visibility tools for network-based threats, or infrastructure secrets management. IT leaders must invest in cybersecurity tools to protect their businesses in the evolving threat landscape.
Transparency and trust in company culture
Cybersecurity is a pillar of every good business, and the survey findings underscore the need for business leaders to make cybersecurity a part of organizational culture. Yet, IT leaders admit a lack of transparency in cyber incident reporting within their businesses. Nearly half (48%) of respondents were aware of a cyberattack in their organization but did not report it. Companies must foster a sense of trust and transparency in their organizations, creating an open dialogue to recognize the scale of the cybersecurity challenges their organizations face. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into the organization’s culture.
Meanwhile, another vital aspect of a cybersecurity-centric culture is education and training. Still, fewer than half (44%) of respondents provide their employees with guidance or best practices for governing passwords and access management, and 30% of respondents allow employees to set their own passwords.
Creating lasting change to prevent attacks
While IT leaders take security threats seriously, our survey results reveal they are unprepared for the explosive growth in risk. Leaders must prioritize cybersecurity within their organizations by implementing a management platform for IT secrets, hiring and empowering their IT staff, creating a culture of trust, and educating employees.
About the Author
Darren Guccione is the CEO and Co-Founder of Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software. Darren is an entrepreneur, tech leader and serial inventor who is passionate about creating disruptive technologies and finding the intersection between art, science, finance and technology. In addition to founding Keeper Security, Darren co-founded Callpod, Inc. in 2006 and OnlyWire, LLC in 2008. He also served as the CFO and co-founder of Apollo Solutions, Inc., which was acquired by CNET Networks (now CBS Interactive). Follow Darren Guccione on LinkedIn and learn more about Keeper Security by visiting keepersecurity.com.
Source: www.cyberdefensemagazine.com