11/4/2016
08:00 AM
Dark Reading
Products and Releases

NetEnrich Survey: Companies Brace for New Cyber Attacks as Threats Multiply

Stolen or weak passwords cause most attacks, but companies are also battling rogue employees, state-sponsored organizations, system failures and Advanced Persistent Threats

San Jose, California – November 3, 2016 – NetEnrich announces the results of a survey on cyber attack readiness. The survey, which ran online in October and included 150 IT professionals, sought to understand companies’ level of preparedness as it pertains to cyber threats and steps they’ve taken to combat potential strikes. The key takeaway was that most companies have a plan for dealing with cyber attacks, and yet at least a third of respondents believe their plan has left key hardware and software systems unprotected.

Cyber attacks on large and midsize companies are rampant. They’re destructive, pervasive and expensive. Ecommerce, telco and financial services organizations are the most common industry targets, but they’re not alone. In 2015, more than 112 million medical records were compromised in 253 coordinated attacks, and the average consolidated cost of a breach across industries is $4 million per company. In seconds, sensitive corporate and customer data can be compromised, held for ransom or lost forever.

So, what can corporate IT do to safeguard their organizations? Most organizations start with a cyber security readiness plan. According to the NetEnrich 2016 Cyber Attack Readiness survey, 82 percent of companies have a plan in place already. And while half of all respondents said the main goal of their plan was attack prevention, the other 50 percent were focused on some combination of recovery of loss from attacks, organizational response to attacks and continuity of business throughout the attack.

Compounding the security problem for organizations is the growing list of potential threats. Employees (rogue or otherwise) are still the greatest source (53 percent) of cyber attacks on companies per NetEnrich’s findings, but non-employees working as part of a “group” were the next most likely instigators at 18 percent. Meanwhile, 15 percent of survey respondents said their companies had been attacked by a non-employee working alone, and four percent attributed attacks to state-sponsored organizations.

And whereas petty theft was once the focus of most cyber attacks, today cybercrime is big business. The majority of persons responding to NetEnrich’s survey said the average cost to their organizations was between $50,000 and $100,000.

Over 40 percent of companies surveyed by NetEnrich claim to have been the victim of a cyber attack. Stolen or weak passwords were the most common cause (26 percent), followed by testing and monitoring system failure (21 percent) and Advanced Persistent Threats (15 percent). Fourteen percent said the cause of attacks was employee error, and seven percent attributed the issue to lost equipment (laptops, mobile devices, etc.). Furthermore: 43 percent of respondents said attacks could have been prevented with a better cyber security policy; 37 percent said they could have used better tools and methods for testing and monitoring; and 21 percent felt breaches could have been avoided had their companies better communicated security policies to employees.

Other noteworthy findings from the NetEnrich survey include:

·  30 percent of respondents use AlienVault to prevent attacks, while 29 percent use ArcSight. Splunk was the third most commonly used tool at 17 percent.

·  66 percent of organizations use third-party consultants or managed security service providers to develop or implement security plans, and 69 percent of respondents found those services to be “very helpful.”

·  83 percent of IT professionals surveyed by NetEnrich said their organizations use cloud-based infrastructure or applications, and 22 percent said cloud-based systems were more cost-effective than on-premise security solutions.

·  Desktop and laptop computers were most at risk (59 percent) in a cyber attack, followed by databases and web servers (57 percent), network security devices (53 percent), mobile devices (43 percent) and application servers (42 percent).

·  72 percent have tools in place to defend against Advanced Persistent Threats.

“All the data shows that cyber security must be a top priority for companies and that half-measures and workarounds will not do,” says Raju Chekuri, President and CEO at NetEnrich. “I applaud the 82 percent of companies in our survey that have cyber attack readiness plans in place but what are the other 18 percent waiting for? Our advice to customers and prospects continues to be: Act now, be comprehensive, and be proactive. Partners like NetEnrich can help, but we need buy-in from CIOs and down the line in IT.”

For more information about the NetEnrich 2016 Cyber Attack Readiness survey, see here.

About NetEnrich

NetEnrich combines industrialized services and a proprietary automation platform to deliver IT infrastructure and operations management services from on-premise to cloud. NetEnrich is also a Microsoft technology partner specializing in accelerating deployment, migration and management of application workloads on Azure. Our approach to IT operations reduces costs, mitigates risk, provides control and drives innovation. NetEnrich has five global delivery centers, is headquartered in Silicon Valley, California, and is a Gartner 2015 Cool Vendor. To learn more about NetEnrich, visit www.netenrich.com
