The sheer volume of data breaches and cyber attacks means these incidents are now more visible than ever. Long gone are the days when affected organizations waited until late Friday afternoon to reveal incidents in hopes of burying the news. The increased attention is causing security professionals to reconsider their enterprise security strategy and investments in tools and services.
Despite implementing a wide range of security tools to address cyber threats against their organizations, IT and security decision makers involved in Dark Reading’s Strategic Security Survey do not appear confident in their organization’s ability to resist attacks. A high percentage believe that implemented processes, such as multi-factor authentication, malware analysis capabilities, and end-user security awareness training programs, are effective. 63% are confident in their ability to effectively respond to a ransomware attack.
However, 55% say their organizations are more vulnerable to data breaches than a year ago because attackers have more ways to target and penetrate their networks, and 58% say their organizations were more concerned for ransomware compared to a year ago. And the future doesn’t look any more optimistic: 78% say adversaries will target cloud providers more in the next year.
25% of respondents expect that if a major breach were to occur at their organization in the next 12 months, the root cause would likely be an automated malware tool.
From the perspective of future breaches, however, end users remain the biggest concern. Over a third (38%) believe the root cause of their organization’s next major data breach in the next year will be a negligent end user or an end user breaking security policy. Nearly a quarter (24%) expect it to be some sort of elusive social engineering scam, and 15% are concerned about their organization’s heavy reliance on remote systems and home workers. And 10% believe end-user security awareness programs are ineffective.
Policy enforcement and the complexity associated with managing a security strategy remain major challenges. A number of issues appear to hinder their ability to reap the full benefits of these processes and technologies. The enforcement of security policies is one example. Thirty-one percent of organizations, approximately the same as last year’s 30%, struggled to enforce security policies in their organizations, and an identical percentage struggled to manage the complexity associated with modern security threats.
Read more for insights from Dark Reading Strategic Security Survey.