80% of Companies Had a Security Incident in 2015

A full 80% of organizations experienced an IT security incident in 2015, but that hasn’t dampened the optimism among IT professionals: 71% of them expect their organizations to be more secure in 2016 as they invest in more advanced security solutions and ramp up end-user training.

That’s the word from Spiceworks, whose latest survey found that the widespread nature of security threats is forcing IT professionals to evaluate their exposure to common and not-so-common issues they may face in 2016.

“The results show that IT professionals feel responsible for the security of their organization’s data, and in a world where technology is getting more complex and organizationally distributed, their jobs aren’t getting any easier,” said Sanjay Castelino, vice president of marketing at Spiceworks. “In reaction to these challenges, they’re being more proactive about preventing security incidents and breaches by learning about new threats, regularly educating employees about risks, and investing in more advanced security solutions.”

IT professionals were asked to detail the most common security incidents their organizations experienced in 2015 and compare them to the security challenges they expect in 2016. Malware attacks were reported by 51% of IT professionals in 2015, followed by phishing and spyware incidents at 38% and 34%, respectively. This aligns closely with the percentage of organizations that are concerned about these incidents in 2016. However, 53% said they’re concerned about ransomware in 2016, even though only 20% of organizations experienced a ransomware incident in 2015.

IT professionals also expressed concern about data theft (39%) and password breaches (37%), but only 5% of organizations experienced an incident of data theft in 2015 and only 12% experienced a password breach.

IT professionals were also asked to disclose their concerns regarding individual hackers or groups. About half (49%) said they’re concerned about independent hackers, 36% cited rogue employees and a quarter (25%) cited organized crime groups. Only 12% said they’re concerned about cyber-terrorist groups and state-sponsored hackers, and 10% indicated concern about hacktivist groups.

At the same time, the findings showed that internal threats represent a significant IT security challenge. About 80% of surveyed IT professionals indicated that end users represent the biggest challenge when it comes to IT security due to a limited understanding of security issues and resistance to security solutions and policies.

Additionally, 48% of IT professionals believe “shadow IT,” the deployment of technology by employees without approval from the IT department, is a risk to their organization.

IT professionals are also concerned about devices that have access to company data but provide less control to protect end users from breaches, such as mobile devices. When asked which network-connected endpoints are at risk of a security breach in 2016, 81% of IT professionals indicated laptops and 73% indicated desktops, but smartphones and tablets weren’t far behind at 70% and 62%, respectively. Nearly 50% of IT professionals are also concerned about network-connected internet of things (IoT) devices.

The good news is that in order to protect end users from breaches on various devices in the workplace, 73% of IT professionals are enforcing end-user security policies, and 72% are regularly educating their employees through lessons on topics such as “how to avoid malware” and “how to spot phishing scams.” IT professionals are also focused on their own education and on ensuring they’re up to speed on the latest security issues. In fact, 66% are taking the time to learn about new threats, and 60% are regularly evaluating new security solutions.

"The number one source of a network breach or virus infection are end users that lack an understanding of potential security risks,” said CJ Wood, IT director at Decorating Den Interiors, quoted in the survey. “We have to remember they aren't the IT professionals. It’s our job to protect them with comprehensive security tools and make sure they’re educated on cyber threats, phishing, spam and other security issues."
