The sheer volume of data breaches and cyberattacks means these incidents are now more visible than ever. Long gone are those days when affected organizations would wait till late Friday afternoons to disclose incidents in hopes of burying the news. The heightened focus is driving security professionals to rethink their enterprise security strategy and investments in tools and services.
Despite deploying a wide range of security tools to address cyber threats against their organizations, the IT and security decision makers in Dark Reading’s Strategic Security Survey don’t seem confident in the organization’s ability to withstand attacks. A high percentage believe that the processes they have implemented, such as multi-factor authentication, malware analysis capabilities and end-user security awareness training programs are effective. Sixty-three percent are confident in their ability to respond effectively to a ransomware attack.
However, 55% say their organizations are more vulnerable to data breaches than a year ago because attackers have more ways to target and break into their networks, and 58% say their organizations were more concerned about ransomware than it was a year ago. And the future doesn’t look any more optimistic: 78% say adversaries will target cloud service providers more in the coming year.
Twenty-five percent of respondents expect that if a major breach were to happen at their organization in the next 12 months, an automated malware tool will likely be the primary cause for it.
From a future breach standpoint, end users remain the biggest concern, though. Over a third (38%) believe that the primary cause of their organization’s next major data breach in the coming year would be a negligent end user or end user who breaks security policy. Almost a quarter (24%) expect it will be some kind of super elusive social engineering scam, and 15% worried about the organization’s heavy reliance on remote systems and homeworkers. And 10% felt end-user security awareness programs were ineffective.
Policy enforcement and the complexity associated with managing a security strategy remain big challenges. A slew of issues appears to be hampering their ability to harness the full benefits of these processes and technologies. Security policy enforcement is one example. Thirty-one percent of organizations—or about the same as last year’s 30%—struggled to enforce security policies at their organizations and an identical proportion were hard pressed to manage the complexity associated with modern security threats.
Read more for insights from Dark Reading’s Strategic Security Survey.
Source: www.darkreading.com