Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/4/2016
08:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NetEnrich Survey: Companies Brace for New Cyber Attacks as Threats Multiply

Stolen or weak passwords cause most attacks, but companies are also battling rogue employees, state-sponsored organizations, system failures and Advanced Persistent Threats

San Jose, California – November 3, 2016 – NetEnrich announces the results of a survey on cyber attack readiness. The survey, which ran online in October and included 150 IT professionals, sought to understand companies’ level of preparedness as it pertains to cyber threats and steps they’ve taken to combat potential strikes. The key takeaway was that most companies have a plan for dealing with cyber attacks, and yet at least a third of respondents believe their plan has left key hardware and software systems unprotected.

Cyber attacks on large and midsize companies are rampant. They’re destructive, pervasive and expensive. Ecommerce, telco and financial services organizations are the most common industry targets, but they’re not alone. In 2015, more than 112 million medical records were compromised in 253 coordinated attacks, and the average consolidated cost of a breach across industries is $4 million per company. In seconds, sensitive corporate and customer data can be compromised, held for ransom or lost forever.

So, what can corporate IT do to safeguard their organizations? Most organizations start with a cyber security readiness plan. According to the NetEnrich 2016 Cyber Attack Readiness survey, 82 percent of companies have a plan in place already. And while half of all respondents said the main goal of their plan was attack prevention, the other 50 percent were focused on some combination of recovery of loss from attacks, organizational response to attacks and continuity of business throughout the attack.

Compounding the security problem for organizations is the growing list of potential threats. Employees (rogue or otherwise) are still the greatest source (53 percent) of cyber attacks on companies per NetEnrich’s findings, but non-employees working as part of a “group” were the next most likely instigators at 18 percent. Meanwhile, 15 percent of survey respondents said their companies had been attacked by a non-employee working alone, and four percent attributed attacks to state-sponsored organizations.

And whereas were once upon a time petty theft was the focus of most cyber attacks, today, cybercrime is big business. The majority of persons responding to NetEnrich’s survey said the average cost to their organizations was between $50,000 and $100,000.

Over 40 percent of companies surveyed by NetEnrich claim to have been the victim of a cyber attack. Stolen or weak passwords were the most common cause (26 percent), followed by testing and monitoring system failure (21 percent) and Advanced Persistent Threats (15 percent). Fourteen percent said the cause of attacks was employee error, and seven percent attributed the issue to lost equipment (laptops, mobile devices, etc.). Furthermore: 43 percent of respondents said attacks could have been prevented with a better cyber security policy; 37 percent said they could have used better tools and methods for testing and monitoring; and 21 percent felt breaches could have been avoided had their companies better communicated security policies to employees.

Other noteworthy findings from the NetEnrich survey include:

 

·  30 percent of respondents use AlienVault to prevent attacks, while 29 percent use ArcSight. Splunk was the third most commonly used tool at 17 percent.

·  66 percent of organizations use third-party consultants or managed security service providers to develop or implement security plans, and 69 percent of respondents found those services to be “very helpful.”

·  83 percent of IT professionals surveyed by NetEnrich said their organizations use cloud-based infrastructure or applications, and 22 percent said cloud-based systems were more cost-effective than on-premise security solutions.

·  Desktop and laptop computers were most at risk (59 percent) in a cyber attack, followed by databases and web servers (57 percent), network security devices (53 percent), mobile devices (43 percent) and application servers (42 percent).

·  72 percent have tools in place to defend against Advanced Persistent Threats.

“All the data shows that cyber security must be a top priority for companies and that half-measures and workarounds will not do,” says Raju Chekuri, President and CEO at NetEnrich. “I applaud the 82 percent of companies in our survey that have cyber attack readiness plans in place but what are the other 18 percent waiting for? Our advice to customers and prospects continues to be: Act now, be comprehensive, and be proactive. Partners like NetEnrich can help, but we need buy-in from CIOs and down the line in IT.”

 

For more information about the NetEnrich 2016 Cyber Attack Readiness survey, see here.

 

About NetEnrich

NetEnrich combines industrialized services and a proprietary automation platform to deliver IT infrastructure and operations management services from on-premise to cloud. NetEnrich is also a Microsoft technology partner specializing in accelerating deployment, migration and management of application workloads on Azure. Our approach to IT operations reduces costs, mitigates risk, provides control and drives innovation. NetEnrich has five global delivery centers, is headquartered in Silicon Valley, California, and is a Gartner 2015 Cool Vendor. To learn more about NetEnrich, visit www.netenrich.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12777
PUBLISHED: 2020-08-10
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVE-2020-12778
PUBLISHED: 2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE-2020-12779
PUBLISHED: 2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVE-2020-12780
PUBLISHED: 2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVE-2020-12781
PUBLISHED: 2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.