Attacks/Breaches
11/4/2016
08:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NetEnrich Survey: Companies Brace for New Cyber Attacks as Threats Multiply

Stolen or weak passwords cause most attacks, but companies are also battling rogue employees, state-sponsored organizations, system failures and Advanced Persistent Threats

San Jose, California – November 3, 2016 – NetEnrich announces the results of a survey on cyber attack readiness. The survey, which ran online in October and included 150 IT professionals, sought to understand companies’ level of preparedness as it pertains to cyber threats and steps they’ve taken to combat potential strikes. The key takeaway was that most companies have a plan for dealing with cyber attacks, and yet at least a third of respondents believe their plan has left key hardware and software systems unprotected.

Cyber attacks on large and midsize companies are rampant. They’re destructive, pervasive and expensive. Ecommerce, telco and financial services organizations are the most common industry targets, but they’re not alone. In 2015, more than 112 million medical records were compromised in 253 coordinated attacks, and the average consolidated cost of a breach across industries is $4 million per company. In seconds, sensitive corporate and customer data can be compromised, held for ransom or lost forever.

So, what can corporate IT do to safeguard their organizations? Most organizations start with a cyber security readiness plan. According to the NetEnrich 2016 Cyber Attack Readiness survey, 82 percent of companies have a plan in place already. And while half of all respondents said the main goal of their plan was attack prevention, the other 50 percent were focused on some combination of recovery of loss from attacks, organizational response to attacks and continuity of business throughout the attack.

Compounding the security problem for organizations is the growing list of potential threats. Employees (rogue or otherwise) are still the greatest source (53 percent) of cyber attacks on companies per NetEnrich’s findings, but non-employees working as part of a “group” were the next most likely instigators at 18 percent. Meanwhile, 15 percent of survey respondents said their companies had been attacked by a non-employee working alone, and four percent attributed attacks to state-sponsored organizations.

And whereas were once upon a time petty theft was the focus of most cyber attacks, today, cybercrime is big business. The majority of persons responding to NetEnrich’s survey said the average cost to their organizations was between $50,000 and $100,000.

Over 40 percent of companies surveyed by NetEnrich claim to have been the victim of a cyber attack. Stolen or weak passwords were the most common cause (26 percent), followed by testing and monitoring system failure (21 percent) and Advanced Persistent Threats (15 percent). Fourteen percent said the cause of attacks was employee error, and seven percent attributed the issue to lost equipment (laptops, mobile devices, etc.). Furthermore: 43 percent of respondents said attacks could have been prevented with a better cyber security policy; 37 percent said they could have used better tools and methods for testing and monitoring; and 21 percent felt breaches could have been avoided had their companies better communicated security policies to employees.

Other noteworthy findings from the NetEnrich survey include:

 

·  30 percent of respondents use AlienVault to prevent attacks, while 29 percent use ArcSight. Splunk was the third most commonly used tool at 17 percent.

·  66 percent of organizations use third-party consultants or managed security service providers to develop or implement security plans, and 69 percent of respondents found those services to be “very helpful.”

·  83 percent of IT professionals surveyed by NetEnrich said their organizations use cloud-based infrastructure or applications, and 22 percent said cloud-based systems were more cost-effective than on-premise security solutions.

·  Desktop and laptop computers were most at risk (59 percent) in a cyber attack, followed by databases and web servers (57 percent), network security devices (53 percent), mobile devices (43 percent) and application servers (42 percent).

·  72 percent have tools in place to defend against Advanced Persistent Threats.

“All the data shows that cyber security must be a top priority for companies and that half-measures and workarounds will not do,” says Raju Chekuri, President and CEO at NetEnrich. “I applaud the 82 percent of companies in our survey that have cyber attack readiness plans in place but what are the other 18 percent waiting for? Our advice to customers and prospects continues to be: Act now, be comprehensive, and be proactive. Partners like NetEnrich can help, but we need buy-in from CIOs and down the line in IT.”

 

For more information about the NetEnrich 2016 Cyber Attack Readiness survey, see here.

 

About NetEnrich

NetEnrich combines industrialized services and a proprietary automation platform to deliver IT infrastructure and operations management services from on-premise to cloud. NetEnrich is also a Microsoft technology partner specializing in accelerating deployment, migration and management of application workloads on Azure. Our approach to IT operations reduces costs, mitigates risk, provides control and drives innovation. NetEnrich has five global delivery centers, is headquartered in Silicon Valley, California, and is a Gartner 2015 Cool Vendor. To learn more about NetEnrich, visit www.netenrich.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.