Overcoming the strains facing cybersecurity
Consumers are no longer surprised by data breaches. And, the truth is that large scale data breaches are here to stay. In fact, according to recent research from Bitdefender, six in every ten businesses have suffered a data breach in the last three years. And, by the end of July 2019 almost a quarter of infosec professionals revealed that the company they work for had suffered a data breach in the first six months of the year alone.
As enterprises continue to embrace technology and IT management increasingly become more digitally sophisticated, the threat landscape and capabilities of attackers continues to grow more complex. What’s more, infosec professionals are also having to contend with tight budgets, as well as a lack of talent and understanding from general employees and senior management. As a result, businesses are facing more cybersecurity risks now than ever before.
If companies are to truly protect themselves from evolving threats and ultimately protect the future success of their business, it is vital that they understand what issues are at play, go beyond thinking just about firewalls, and what they can do to avoid falling victim to an attack.
Understanding the stresses and strains
The research found that although over half (57%) of IT professionals rate their cybersecurity as very good or excellent, the risk businesses face from attackers is still very much a reality. In fact, 26% of IT professionals still believe their business could currently be undergoing a breach without even knowing it. With the biggest threats believed to be a phishing or whaling attack (36%) followed by Trojans (29%) and Ransomware (28%).
But it is not only the increasingly complex threat landscape that IT professionals need to be concerned about. Poor cybersecurity is an undeniable threat to businesses. From squeezed budgets and inadequate training to a lack of talent and resourcing, cybersecurity teams are under a huge amount of strain to ensure their businesses are protected and employees are sufficiently educated. In fact, over half (53%) of security professional have considered leaving their current role due to being under-resourced both financially and in terms of staffing.
If businesses don’t start investing the time, money and resources into their cybersecurity the consequences they face could be detrimental. In this year alone not only has the number of fines issued under GDPR noticeably increased but so too has the willingness to escalate the value of the fines. Over the summer, for example, we saw the ICO announcing astronomical fines of over 100 million to companies such as British Airways for failing to protect personal data.
It is not only financial repercussions that businesses need to be prepared for. The two most significant impacts that feared by IT professionals, should their organisation be breached, are business interruptions (43%) and reputational damage (38%). With the media’s continual focus on cybersecurity failures, organisations which are left exposed to an attack, could easily find themselves suffering from all sorts of irrevocable damages.
A plan of (preventing) attack
With both the threat landscape continuing to increase in complexity and organisations facing significant gaps in terms of their preparation against attacks, there are clearly improvements to be had. For businesses to truly get on top of their cybersecurity, the best place to start is focusing on cybersecurity training and educating employees. Once people are made aware of the threats that could occur and of the, often, simple steps that can be taken to avoid an attack in the first instant, infosecurity professionals are in a much better position to prevent large scale breaches.
Additionally, some of the main drivers for boosting an organisation's cybersecurity are improving data protection, and faster detection and response capabilities. Speed really is of the essence when it comes to detecting and acting against a cyber threat. The faster an organisation can react the faster you can isolate and remediate against cyber threats. As such, having technologies that will aid in the discovery of threats, such as ‘network traffic analysis’ and antivirus technology, is vital. Interestingly as well, 70% of infosec professionals believe that endpoint security detection and response (EDR) can help prevent future attacks.
Tactics, tools and talent
Ultimately, organisations need to scrutinise whether their current cybersecurity strategy is fit for purpose. However, to successfully protect themselves against a cyber attack, organisations cannot simply rely on strategy alone. They must not only commit to ensuring their strategy is put into practice but that it is also backed by a combination of the right technology, the right talent and a thorough understanding of the risks their organisation faces from insufficient cybersecurity.
Liviu Arsene is a Global Cybersecurity Researcher at Bitdefender.