NetEnrich Survey: Companies Brace for New Cyber Attacks as Threats MultiplyStolen or weak passwords cause most attacks, but companies are also battling rogue employees, state-sponsored organizations, system failures and Advanced Persistent Threats
San Jose, California – November 3, 2016 – NetEnrich announces the results of a survey on cyber attack readiness. The survey, which ran online in October and included 150 IT professionals, sought to understand companies’ level of preparedness as it pertains to cyber threats and steps they’ve taken to combat potential strikes. The key takeaway was that most companies have a plan for dealing with cyber attacks, and yet at least a third of respondents believe their plan has left key hardware and software systems unprotected.
Cyber attacks on large and midsize companies are rampant. They’re destructive, pervasive and expensive. Ecommerce, telco and financial services organizations are the most common industry targets, but they’re not alone. In 2015, more than 112 million medical records were compromised in 253 coordinated attacks, and the average consolidated cost of a breach across industries is $4 million per company. In seconds, sensitive corporate and customer data can be compromised, held for ransom or lost forever.
So, what can corporate IT do to safeguard their organizations? Most organizations start with a cyber security readiness plan. According to the NetEnrich 2016 Cyber Attack Readiness survey, 82 percent of companies have a plan in place already. And while half of all respondents said the main goal of their plan was attack prevention, the other 50 percent were focused on some combination of recovery of loss from attacks, organizational response to attacks and continuity of business throughout the attack.
Compounding the security problem for organizations is the growing list of potential threats. Employees (rogue or otherwise) are still the greatest source (53 percent) of cyber attacks on companies per NetEnrich’s findings, but non-employees working as part of a “group” were the next most likely instigators at 18 percent. Meanwhile, 15 percent of survey respondents said their companies had been attacked by a non-employee working alone, and four percent attributed attacks to state-sponsored organizations.
And whereas were once upon a time petty theft was the focus of most cyber attacks, today, cybercrime is big business. The majority of persons responding to NetEnrich’s survey said the average cost to their organizations was between $50,000 and $100,000.
Over 40 percent of companies surveyed by NetEnrich claim to have been the victim of a cyber attack. Stolen or weak passwords were the most common cause (26 percent), followed by testing and monitoring system failure (21 percent) and Advanced Persistent Threats (15 percent). Fourteen percent said the cause of attacks was employee error, and seven percent attributed the issue to lost equipment (laptops, mobile devices, etc.). Furthermore: 43 percent of respondents said attacks could have been prevented with a better cyber security policy; 37 percent said they could have used better tools and methods for testing and monitoring; and 21 percent felt breaches could have been avoided had their companies better communicated security policies to employees.
Other noteworthy findings from the NetEnrich survey include:
· 30 percent of respondents use AlienVault to prevent attacks, while 29 percent use ArcSight. Splunk was the third most commonly used tool at 17 percent.
· 66 percent of organizations use third-party consultants or managed security service providers to develop or implement security plans, and 69 percent of respondents found those services to be “very helpful.”
· 83 percent of IT professionals surveyed by NetEnrich said their organizations use cloud-based infrastructure or applications, and 22 percent said cloud-based systems were more cost-effective than on-premise security solutions.
· Desktop and laptop computers were most at risk (59 percent) in a cyber attack, followed by databases and web servers (57 percent), network security devices (53 percent), mobile devices (43 percent) and application servers (42 percent).
· 72 percent have tools in place to defend against Advanced Persistent Threats.
“All the data shows that cyber security must be a top priority for companies and that half-measures and workarounds will not do,” says Raju Chekuri, President and CEO at NetEnrich. “I applaud the 82 percent of companies in our survey that have cyber attack readiness plans in place but what are the other 18 percent waiting for? Our advice to customers and prospects continues to be: Act now, be comprehensive, and be proactive. Partners like NetEnrich can help, but we need buy-in from CIOs and down the line in IT.”
For more information about the NetEnrich 2016 Cyber Attack Readiness survey, see here.
NetEnrich combines industrialized services and a proprietary automation platform to deliver IT infrastructure and operations management services from on-premise to cloud. NetEnrich is also a Microsoft technology partner specializing in accelerating deployment, migration and management of application workloads on Azure. Our approach to IT operations reduces costs, mitigates risk, provides control and drives innovation. NetEnrich has five global delivery centers, is headquartered in Silicon Valley, California, and is a Gartner 2015 Cool Vendor. To learn more about NetEnrich, visit www.netenrich.com.