08:00 AM
Dark Reading
Dark Reading
Products and Releases

NetEnrich Survey: Companies Brace for New Cyber Attacks as Threats Multiply

Stolen or weak passwords cause most attacks, but companies are also battling rogue employees, state-sponsored organizations, system failures and Advanced Persistent Threats

San Jose, California – November 3, 2016 – NetEnrich announces the results of a survey on cyber attack readiness. The survey, which ran online in October and included 150 IT professionals, sought to understand companies’ level of preparedness as it pertains to cyber threats and steps they’ve taken to combat potential strikes. The key takeaway was that most companies have a plan for dealing with cyber attacks, and yet at least a third of respondents believe their plan has left key hardware and software systems unprotected.

Cyber attacks on large and midsize companies are rampant. They’re destructive, pervasive and expensive. Ecommerce, telco and financial services organizations are the most common industry targets, but they’re not alone. In 2015, more than 112 million medical records were compromised in 253 coordinated attacks, and the average consolidated cost of a breach across industries is $4 million per company. In seconds, sensitive corporate and customer data can be compromised, held for ransom or lost forever.

So, what can corporate IT do to safeguard their organizations? Most organizations start with a cyber security readiness plan. According to the NetEnrich 2016 Cyber Attack Readiness survey, 82 percent of companies have a plan in place already. And while half of all respondents said the main goal of their plan was attack prevention, the other 50 percent were focused on some combination of recovery of loss from attacks, organizational response to attacks and continuity of business throughout the attack.

Compounding the security problem for organizations is the growing list of potential threats. Employees (rogue or otherwise) are still the greatest source (53 percent) of cyber attacks on companies per NetEnrich’s findings, but non-employees working as part of a “group” were the next most likely instigators at 18 percent. Meanwhile, 15 percent of survey respondents said their companies had been attacked by a non-employee working alone, and four percent attributed attacks to state-sponsored organizations.

And whereas were once upon a time petty theft was the focus of most cyber attacks, today, cybercrime is big business. The majority of persons responding to NetEnrich’s survey said the average cost to their organizations was between $50,000 and $100,000.

Over 40 percent of companies surveyed by NetEnrich claim to have been the victim of a cyber attack. Stolen or weak passwords were the most common cause (26 percent), followed by testing and monitoring system failure (21 percent) and Advanced Persistent Threats (15 percent). Fourteen percent said the cause of attacks was employee error, and seven percent attributed the issue to lost equipment (laptops, mobile devices, etc.). Furthermore: 43 percent of respondents said attacks could have been prevented with a better cyber security policy; 37 percent said they could have used better tools and methods for testing and monitoring; and 21 percent felt breaches could have been avoided had their companies better communicated security policies to employees.

Other noteworthy findings from the NetEnrich survey include:


·  30 percent of respondents use AlienVault to prevent attacks, while 29 percent use ArcSight. Splunk was the third most commonly used tool at 17 percent.

·  66 percent of organizations use third-party consultants or managed security service providers to develop or implement security plans, and 69 percent of respondents found those services to be “very helpful.”

·  83 percent of IT professionals surveyed by NetEnrich said their organizations use cloud-based infrastructure or applications, and 22 percent said cloud-based systems were more cost-effective than on-premise security solutions.

·  Desktop and laptop computers were most at risk (59 percent) in a cyber attack, followed by databases and web servers (57 percent), network security devices (53 percent), mobile devices (43 percent) and application servers (42 percent).

·  72 percent have tools in place to defend against Advanced Persistent Threats.

“All the data shows that cyber security must be a top priority for companies and that half-measures and workarounds will not do,” says Raju Chekuri, President and CEO at NetEnrich. “I applaud the 82 percent of companies in our survey that have cyber attack readiness plans in place but what are the other 18 percent waiting for? Our advice to customers and prospects continues to be: Act now, be comprehensive, and be proactive. Partners like NetEnrich can help, but we need buy-in from CIOs and down the line in IT.”


For more information about the NetEnrich 2016 Cyber Attack Readiness survey, see here.


About NetEnrich

NetEnrich combines industrialized services and a proprietary automation platform to deliver IT infrastructure and operations management services from on-premise to cloud. NetEnrich is also a Microsoft technology partner specializing in accelerating deployment, migration and management of application workloads on Azure. Our approach to IT operations reduces costs, mitigates risk, provides control and drives innovation. NetEnrich has five global delivery centers, is headquartered in Silicon Valley, California, and is a Gartner 2015 Cool Vendor. To learn more about NetEnrich, visit

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.