Member Article

Survey Shows Security Professionals Expect the Worst and Claim They Are Prepared

Varonis Systems has released findings from an independent survey exploring security practices and expectations in the wake of the massive Equifax breach. The survey, which polled 500 IT decision makers in the UK, Germany, France and U.S., highlights an alarming disconnect between security expectations and reality.

The vast majority (89%) express confidence in their cybersecurity stance and feel that their organization is in a good position to protect themselves from attack. Yet in the months after WannaCry, 4 in 10 organizations are not taking critical steps to lock down sensitive information, putting them at risk from data loss, data theft and the next ransomware attack. Nearly half of respondents (45%) believe their organization will face a major, disruptive attack in the next 12 months.

Looking ahead to 2018, data theft and data loss were cited as top concerns for organizations. Other notable findings include:

● 25% reported their organization was hit by ransomware in the past two years. ● 26% reported their organization experienced the loss or theft of company data in the past two years. ● 8 out of 10 respondents are confident that hackers are not currently on their network. ● 85% have changed or plan to change their security policies and procedures in the wake of widespread cyberattacks like WannaCry.

“It is encouraging that IT professionals are understanding that it’s a matter of when, not if, their organization will be hit with a damaging cyberattack. However, their level of confidence when it comes to security is inconsistent with what we see in practice,” said John Carlin, former Assistant Attorney General for the U.S. Department of Justice’s National Security Division and currently chair of Morrison & Foerster’s global risk & crisis management practice. “The reality is that businesses are consistently failing to restrict access to sensitive information and are regularly experiencing issues such as data loss, data theft and extortion in the form of ransomware.”

The survey also showed major differences on cybersecurity policies and tendencies by country. Key findings in this area include: ● Only 66% of U.S. organizations and 51% of EU-based organizations surveyed fully restrict access to sensitive information on a “need-to-know” basis. Organizations in Germany are the least likely to restrict access (38%). ● A majority (67%) of respondents reported their organizations have cybersecurity insurance policies. They are least prevalent in the U.S. (62%) and most common in France (75%). ● German organizations have been hit particularly hard by ransomware, with 34% affected in the past 2 years.

“Attackers are upping their game, using more sophisticated, blended attacks like WannaCry and NotPetya that make use of multiple attack vectors,” said Varonis CMO David Gibson. “At the same time, valuable data remains vulnerable to attacks that require little to no sophistication, like disgruntled employees snooping through overly accessible folders. While it’s heartening that major security incidents are inspiring preparedness, if the past year is any indication, it is unlikely the actual security of these organizations aligns with perception.”

Read the full survey findings: https://www.varonis.com/learn/cybersecurity-expectations-vs-reality-survey/

This was posted in Bdaily's Members' News section by Varonis .