The CyberEdge Group is an award-winning research firm that serves information security vendors and service providers. They recently surveyed 1,100 qualified IT security decision makers & practitioners, all from organizations with more than 500 employees, representing 15 countries and 19 industries.
The 37-page report was sponsored by vendors like Symantec, HP, SecureWorks and Webroot and is excellent ammo for your IT security budget requests. (click on graphic to enlarge and download)
The Results Are Eye Opening
The percentage of respondents affected by successful attacks has risen the last three years from 62% in 2014, to 71% in 2015, to 76% in 2016, and to 79% in 2017 with no end in sight.
When asked about perceptions and concerns, here are the top problems:
- Employees still to blame: Low security awareness among employees continues to be the greatest inhibitor to defending against cyberthreats, followed closely by a shortage of skilled personnel and too much data for IT security teams to analyze (page 17).
- Threats keeping us up at night: Malware, phishing, and insider threats give IT security the most headaches (page 13).
- Ransomware’s bite out of the budget. Six in 10 respondents said their organization was affected by ransomware in 2016, with a full third electing to pay the ransom to get their data back (page 14).
- Ransomware’s biggest nightmare. The potential for data loss is the greatest concern stemming from ransomware, while the potential for revenue loss trails the field (page 15).
- Microsoft leaving the door open? With two-thirds of respondents not fully satisfied with Microsoft’s security measures for Office 365, the door remains open for third-party security solutions (page 16).
When asked to assess on a scale of 1 to 5, the adequacy of their organization’s capabilities (people and processes) they scored "User security awareness / education" third from the bottom.
The report observed: "Far less surprising is the appearance of user education/ awareness and secure application development/testing at the bottom of the rankings. The former is consistent with the later finding of users being the greatest inhibitor to achieving effective defenses.
Their comments on this topic could have come straight from KnowBe4's CEO:
"Once again, respondents cited users as the greatest obstacle to their organization’s establishing effective defenses, as “low security awareness among employees” topped the chart for a remarkable fourth consecutive year. “Ahem … enterprise security teams, can you hear us?” Given the consistency of this finding, don’t you think it makes sense to try investing a bit more in all of those human firewalls at your disposal? Call us crazy, but armed with the proper knowledge, we think they could easily flip the script, and go from being your biggest security burden to your biggest security asset.
We could not agree more! Download the whole report, this is worthwhile. Direct link for cut&paste: https://cyber-edge.com/portfolio/cyberedge-2017-cyberthreat-defense-report%E2%80%A8/
Free Phishing Security Test
Did you know that 91% of successful data breaches started with a spear-phishing attack?
Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone™ with our free test.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: