Around 60% of global organizations have suffered a breach in the past three years, with the rest increasingly feeling like their turn is coming soon, according to new research from Bitdefender.
The security firm polled over 6000 cybersecurity professionals from organizations of all sizes in the UK, US, Australia, New Zealand, Germany, France, Italy and Spain to compile its Hacked Off! study.
While six in 10 respondents said they’d been hit by a data breach, 36% claimed they could be facing one without knowing. It’s no surprise that over half (58%) are concerned about the readiness of their organization to deal with such an attack.
Board-level buy-in is a major sticking point: 57% of respondents claimed that the C-suite is the least likely to comply with corporate cybersecurity policy, putting their firm at risk and making it hard to drive the kind of company-wide security-by-design culture demanded by GDPR and other regulators.
Nearly three-quarters (73%) believe they’re more at risk as they are under-resourced, while alert fatigue is a major problem, with over half (53%) of endpoint detection and response (EDR) alerts described as false alarms.
The research found that, partly because of this EDR failure, firms are reacting too slowly to incidents.
Over a fifth (29%) claimed it would take a week or longer to detect an advanced cyber-attack, while just three in every 100 cybersecurity professionals claimed 100% of attacks can be efficiently detected and isolated.
Yet despite all of these shortcomings, more than half (57%) of respondents rated their organization’s cybersecurity “very good” or “excellent.”
Liviu Arsene, global cybersecurity researcher at Bitdefender, explained that further investments in anti-malware, network traffic analysis and EDR were all highlighted by respondents as necessary.
“Poor cybersecurity is an undeniable threat to businesses today. From the loss of customer trust to the impact on the bottom line it is critical for infosec professionals to get it right,” he added.
“According to respondents, 53% of infosec professionals have contemplated leaving their job due to under-resourcing in terms of staff. Resources are in fact such a bugbear that infosec pros say the main obstacles to their organizations’ strengthening their cybersecurity posture are a lack of budget and a lack of skilled personnel.”