Tripwire Black Hat Survey: "68% of Pros Felt Cyber Security Lacking After WannaCry & Petya Attacks"



 


Over two-thirds of infosec pros who were asked at Black Hat whether their organizations had made the necessary cyber security improvements since the WannaCry and Petya attacks earlier this year answered in the negative, according to new research by Tripwire.

Surprisingly, the survey showed that despite the damage caused by these destructive strains, there are still major doubts about whether organizations have taken sufficient action to improve their cyber-defenses. Tripwire suggests this lack of confidence could be a result of organizations failing to implement critical security controls.

Nearly a third of respondents felt that the biggest problem organizations face is knowing what devices are on their networks. Concerns about vulnerability management (14%), administrative privilege issues (6%) and audit log attention (6%) also cropped up as areas of worry.

Moreover, a whopping 40% believed that there was not a singular cause of security problems and that businesses were failing at all of the above. OUCH


Tim Erlin, vice-president at Tripwire, said that no matter how big or small an organization is, it has to have a serious attitude towards security.

“If you were lucky enough not to have been affected by WannaCry or Petya, take it as a sign. Remember, you don’t have nine lives. All it takes is one data breach or another WannaCry and your company has lost data, money, credibility and most importantly, customer trust, which is one of the most difficult things to recover.

“Adopting best practices and leveraging critical security controls will continue to be the best bet for defending against advanced adversaries and can help close the gap within a business’s security infrastructure. 

“It is important to understand that good security hygiene will greatly reduce the effectiveness of an attack and goes a long way to making the attacker’s job more difficult.”

On the plus side, the majority of those polled (84%) claimed their company is looking to invest budget in mitigating its cybersecurity risks, something welcomed by Erlin.


“It’s good to see businesses investing in security defenses,” Erlin said. “However, it’s about purchasing the right technology that’s suited to that company and to understand that technology is not the only solution. Enterprises need to remember to focus on the fundamentals of security. One of the most important tools, and probably the one that gets overlooked, is education.” We could not agree more.

More pseudo-ransomware attacks are probably on the way

While we are on this subject, more pseudo-ransomware attacks like NotPetya and WannaCry are probably on the way. Kaspersky Labs’ quarterly report suggests that the trend is likely here to stay for now, as waves of increasingly sophisticated hacks further the veiled aims of shadowy individual actors and governments alike.

As the report explains:

“While very different in nature and targets, both were surprisingly ineffective as ‘ransomware.’ For example, in the case of WannaCry, its rapid global spread and high profile put a spotlight on the attackers’ Bitcoin ransom account and made it hard for them to cash out. This suggests that the real aim of the WannaCry attack was data destruction… The pattern of destructive malware disguised as ransomware showed itself again in the ExPetr attack.”

Get a quote for new-school security awareness training 

We strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.

Get A Quote

Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat_get_a_quote_now

Let's stay safe out there.

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc
