Survey highlights overconfidence and lack of preparedness for cyber incidents
- Published: Tuesday, 16 May 2017 08:44
SolarWinds MSP has published survey findings outlining the preparedness of UK and US businesses in dealing with cybersecurity breaches. The report reveals that businesses are ‘gravely optimistic’ about their ability to deter and cope with malicious attacks despite the majority experiencing a breach over the last year and nearly a quarter experiencing more than 10.
SolarWinds says that “the potent combination of this lack of preparedness, the frequency of breaches, and the potential commercial impact of each one, heightens the risk of an ‘extinction event’ i.e., a massive business failure correlating to the breach.”
However, 71 percent of the same respondents said they have experienced a breach in the last 12 months. Of the businesses that have been breached and could identify an immediately traceable impact, 77 percent revealed that they had suffered a tangible loss, such as monetary impact, operational downtime, legal actions, or the loss of a customer or partner.
Commenting, John Pagliuca, SolarWinds MSP general manager, said, “Our findings underscore the problems that contributed to the ‘WannaCry’ ransomware’s ability to cause so much damage around the globe. These results beg the question, ‘How can IT leaders feel so prepared yet still be exposed?’ One of the main reasons is that people are confusing IT security with cyber security. The former is what companies are talking about when they think about readiness. However, what they often don’t realize is that cyber security protection requires a multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently. The overconfidence and failure to deploy adequate cyber security technologies and techniques at each layer of a company’s cybersecurity strategy could be fatal.”
SolarWinds has investigated why this overconfidence is occurring and identified seven basic faults:
- Inconsistency in enforcing security policies
- Negligence in the approach to user security awareness training
- Shortsightedness in the application of cybersecurity technologies
- Complacency around vulnerability reporting
- Inflexibility in adapting processes and approach after a breach
- Stagnation in the application of key prevention techniques
- Lethargy around detection and response.
The full report, entitled ‘2017 Survey Results: Cybersecurity: Can Overconfidence Lead to an Extinction Event? A SolarWinds MSP Report on Cybersecurity Readiness for U.K. and U.S. Businesses’ is available here .