65% of Firms Hit by Malware in 2017

Today, Guidance Software, developer of the EnCase suite of endpoint security and digital forensics applications, released a brand new survey on the current state of cybersecurity.

They surveyed 330 security and IT professionals during May 2017, asking them about cyber-attacks in the past year and how that's affected their plans for the future. Here are some of their key findings.

About 65% of organizations had malware-related breaches, an increase from 56% in 2016. As many as 23% of organizations have been hit by ransomware, with 9% admitting to having paid the ransom. None of the organizations surveyed claim to have paid a ransom in 2016. Interestingly, only 48% of respondents believe they'll need to respond to a breach within the next year.

Approximately 25% of organizations suffered direct financial losses due to cyber-attacks or data breaches in the past year. Around 20% of breach victims lost more than $1 million USD as a result. Minor financial losses are also increasing; 11% of respondents claimed them in 2016, and 19% recently.

The survey also identifies what organizations say are their top three IT security challenges. The rankings are: 35% of respondents cite risk assessment; as many as 34% say that security policy enforcement is a big challenge for them; and 31% say it's managing the complexity of cybersecurity in general.

These findings from Guidance Software's survey indicate the direction enterprise cybersecurity may be heading in the near future.

People in the information security field have opinions about the survey.

Cheryl Biswas, cybersecurity consultant for KPMG, said: “The challenge always has and always will be the human factor. We can't rely on automation or AI to predict that accurately. Our approach to security awareness and training has to change. We need to look at building it as a culture, so that we change perceptions into habits that will reinforce security practices. An end user who is actively monitoring their surroundings, both digital as well as physical, is an invaluable security asset. Attackers can breach both online portals as well as tailgate their way into organizations. The best attacks aren't sophisticated—they are simple and proven multiple times over because they exploit basic human tendencies.”

Todd Howe, systems administrator for Offensive Security, added: “Each organization has its own context and challenges, so while it's difficult to take specific actions from general surveys of this nature, it's heartening to see information security staffing levels on the rise. The incidence of major breaches drives home the point that the industry can't afford complacency. All hands on deck!”