The mismatch of signals by IT organizations shows a potential overestimation on IT’s part about its ability to prevent and protect against new cyberthreats.
It’s not often that IT has its wires crossed about its own preparedness. Usually we’re the ones that are the most critical of our own abilities. But in the latest Global Threat Report from security vendor Carbon Black, we find that IT may be speaking out of both sides of its mouth.
On the one hand, 79 percent of IT organizations surveyed said they are more confident they can prevent cyberattacks today than a year ago. That’s good! Organizations need to be prepared for the ever-changing tactics of cybercrime and fraud.
But then this statement is put to the test by digging a bit deeper. According to the report, organizations either were in really bad shape last year and are, technically, in “better” shape this year, or they simply aren’t ready: An overwhelming majority (88%) of organizations have suffered one or more breaches in the past 12 months from external cyberattacks. That’s a breach – not just an attempted attack that was detected and thwarted, an actual breach! And, of these organizations, 75% reported damages to their company’s reputation. So, we’re talking some serious attacks.
In addition, there are some other details in this report that may spell out why this is so. According to the report:
- 61% of organizations reported that “recruitment and training of specialist cybersecurity staff” is more difficult now than it was 12 months ago
- 34% of organizations that have experienced a cyberattack state that phishing attacks were the prime cause of the breach
What these two stats show is that IT simply doesn’t have enough help to ensure a secure environment. And, even if they did, more IT expertise probably isn’t going to suffice. Why? Because the single largest point of security failure rests between the phishing email and the user it’s sent to.
Organizations that wish to be in that initial 79% that feel like they’re truly better prepared need to engage their users to become a part of the organization’s security stance by enrolling them in new-school Security Awareness Training that teaches them how and why it’s critical for each and every user to be vigilant against malicious content in email and on the web.
The Carbon Black data makes it clear: organizations are only fooling themselves if they think they’re ready for the next attack. What’s necessary is to expand your security reach all the way down to each and every employee to reduce the attack surface to where it’s no longer effective. Security Awareness Training uniquely helps address the problem spelled out in this report.