Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/14/2018
05:26 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Research from eSentire Finds Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years

Online Business Risk Index Tool unveiled to help firms identify their own key risk and steps to improve security maturity

CAMBRIDGE, Ontario--(BUSINESS WIRE)--eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider, today unveiled Cybersecurity FutureWatch 2018, a new research report that explores security evolution and maturity amid emerging technology adoption and evolving business needs. The report, which is based on a survey of more than 1,250 senior executives, management and security practitioners in the U.S., U.K. and Canada, found that only 30 percent of respondents are confident their business will avoid a major security event in the coming two years and 60 percent believe an attack will hit in the next few years.

In terms of cyberattack preparedness in global organizations, the research also uncovered gaps between the C-suite, board and technical leaders. Among CEO and board members surveyed, 77 percent are optimistic in their firm’s ability to cope with a breach. This is in stark contrast to technical leaders on the front lines, who are approximately 20 percent more likely to predict an attack. While confidence appeared high on the surface, it waned significantly when respondents were asked in detail about their firm’s preparedness: only about a third (33 percent) are confident that high-value assets and data are adequately protected and even fewer are confident their security teams have access to the appropriate resources (30 percent) or that they are spending adequately on security (29 percent).

Other key findings from the report include:

  • AI and IoT Will Overtake Cloud as Biggest Emerging Technology Risk – While the majority of organizations actively adopt emerging technologies, with cloud leading the charge (72 percent), the overall risk posed by cloud over the next three years drops by nearly 20 percent. The risks posed by the adoption of artificial intelligence doubles over the next three years and IoT/IIoT risks also rise nearly 30 percent.
  • Compliance No Longer Considered the Top Consequence – Operational disruption (66 percent), reputational damage and significant financial losses (54 percent) lead regulatory penalties (40 percent) as top consequences of a major security event. This trend will likely mark a shift from compliance-centric security to newer strategies that detect active attacks and reduce the risk of a business-altering outcome.
  • The CISO-Board Connection Grows Stronger – More than half of respondents indicate their board is very familiar with the security budget (51 percent), overall strategy (57 percent), policies (58 percent), technologies (53 percent), and review current security and privacy risks (51 percent). Moreover, 45 percent of security officers report to the board or CEO, marking a sign of greater security maturity when compared to the 33 percent that continue to report to the CIO and 10 percent that report to a privacy or data officer.

“Our research confirms IT teams are trapped in the innovator’s dilemma of meeting business demands through the adoption of new technologies, while shouldering the accountability for managing the risks and resulting damage associated with the exploitation of emerging technologies,” said Mark Sangster, chief security strategist, eSentire. “Fortunately, line of sight from the IT team to the board is improving, which often makes it easier to articulate security risks, obtain the required resources to mitigate those risks, and ultimately, better protect the business. The most mature organizations are doing this by moving beyond device and alert-focused approaches that often focused on tit-for-tat prevention technology and toward threat-based approaches that are both proactive and predictive. 

Enterprises Can Assess Their Security Maturity with New Tool
Security maturity and a willingness to leverage industry-best security services can offset the risks associated with threats, such as external attacks and insider risks. In fact, eSentire’s research found that firms using both proactive and predictive approaches reduced their risk profile by 30 percent, compared to those deploying more traditional regulatory and compliance-driven security strategies.

To help organizations understand their own security maturity, eSentire today has unveiled a new Business Risk Index Tool. The free assessment is based on simple questions that provide enterprises with a snapshot of where and how their security approaches stack up in general and relative to comparable organizations.

Read the full findings of Cybersecurity FutureWatch 2018 and access the Business Risk Index Tool here.

 

About eSentire:
eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $5.7 trillion AUM in the financial sector alone, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.comand follow @eSentire.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1874
PUBLISHED: 2019-06-20
A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-ba...
CVE-2019-1875
PUBLISHED: 2019-06-20
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by t...
CVE-2019-1876
PUBLISHED: 2019-06-20
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exp...
CVE-2019-1878
PUBLISHED: 2019-06-20
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insuff...
CVE-2019-1879
PUBLISHED: 2019-06-20
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploi...