Adam Greenberg at SC Magazine reported on something interesting:
The number of successful cyber attacks against organizations is increasing, according to the “2015 Cyberthreat Defense Report” from CyberEdge Group, which surveyed 814 IT security decision makers and practitioners from organizations – in 19 industries – across North America and Europe.
Altogether, 71 percent of respondents said that their organization's global network was compromised by a successful cyber attack in 2014 – a number that jumped up from 62 percent in the year prior – and 22 percent said that their organization experienced six or more successful attacks, according to the report.
Not patching vulnerabilities is one reason successful attacks are on the rise, Steve Piper, CEO of CyberEdge Group, told SCMagazine.com in a Thursday email correspondence. He pointed to the report, which shows that 33 percent of organizations conduct full-network active vulnerability scans less often than quarterly, while 39 percent do so at least once per month.
Another reason for the rise is that attackers are refining their tactics – for example, they perform reconnaissance to carry out targeted spear phishing attacks involving malware, Piper said. In the report, respondents cited phishing attacks, malware and zero-day attacks as the top threats that are causing concern.
The issue is compounded because not enough investment is going into employee security awareness training, Piper said. “Our workforce is our last line of defense,” he said. “If employees are better trained to recognize the telltale signs of spear phishing attacks, our industry would experience far fewer successful data breaches.”
In the report, respondents indicated that low security awareness among employees is the top inhibitor to defending against threats – furthermore, less than 20 percent said they were confident their organization has made the proper investments in training. That obviously results in employees being spear-phished.
Other problems mentioned: mobile device management, budgets, and not having sufficient tools to get the job done. Article here.
Today, security awareness training programs will continue to fail until they get the same emphasis and support as technical controls. KnowBe4 has become the world’s most popular integrated Security Awareness Training and Simulated Phishing platform because it gives you measurable control over your "human firewall". Find out how affordable this is for your organization today.