The Seven Pitfalls of Cybersecurity
A 2017 survey revealed 87% of small and medium-sized businesses have complete trust in their cyberthreat preparedness and feel the security implementation is average or above. Could they be overconfident? Are they believing they will never fall victim to a breach?
Unfortunately, 71% of those same organizations have been breached in the past 12 months. Shockingly, less than half implemented new security technologies following a breach, and 14% did nothing to improve their security.
According to the survey, most are overlooking seven basic security principles that are vital for companies who wish to improve their security. Investing in an experienced IT company who can safeguard your business is imperative.
1. Inconsistency in Enforcing Security Policies;
Does your organization have an IT security policy that addresses the use, creation, and processing of employee and customer information?
A security policy is clearly worthless unless it is correctly enforced and its suitability is regularly checked. However, only 32% of respondents could claim their security policies are reliably applied and regularly audited. On top of this, less than half or 43% enforce them only occasionally, 17% fail to audit their suitability, and 7% have no policies in place.
2. Negligence in the Approach to User Security Awareness Training;
Considering the users of your organization, how would you describe the current level of awareness training?
Despite all the commentary about its importance, only 16% of respondents considered user security awareness training a priority. A massive 71% pay lip service to it by either including security awareness as a one-off event at employee onboarding or reinforcing it once a year. The remainder, 13%, admitted they do nothing.
3. Shortsightedness in the Application of Cybersecurity Technologies;
Which of the following technologies have you implemented on-premises to prevent data breaches?
Six of the nine most typical cybersecurity technologies had been deployed by only a minority of respondents. Web protection, email scanning, and anti-malware had each been rolled out by 50-61%, but the remaining six (including SIEM, firewall rules, and patch management) had been deployed by only 33% at the most (SIEM), or 25% at the lowest (intrusion systems).
4. Complacency Around Vulnerability Reporting;
Which of these reporting scenarios best describes the reporting process you have in place?
Only 29% of respondents could call their vulnerability reporting robust, with the majority, 51%, optimistically classifying it as adequate. Surprisingly, as many as 19% have no reporting, and 11% even said they categorically had no plans to investigate its deployment or usefulness.
5. Inflexibility in Adapting Processes and Approach After a Breach;
Examining your last security incident, what best describes how your organization responded?
Following a breach (experienced by 71% of respondents), only 44% implemented new technology, and only 41% changed their processes. Meanwhile, 42% started looking into new technology, while 14% purposefully did nothing.
6. Stagnation in the Application of Key Prevention Techniques;
Which of the following techniques have you implemented on-premises to prevent data breaches?
Of the nine key prevention techniques listed, only a minority of respondents had implemented all of them. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Application white listing was implemented by only 38%, and logging of authenticated users’ activity was used by only 41%.
7. Lethargy Around Detection and Response;
Comparing 2016 to 2015, how have time to detection, response, and resolution times changed in your organization?
Over the past 12 months, detection times had risen for 40% of respondents; response times were up for 44%; and resolution times had increased for 46%. In contrast, in our 2016 report, detection times had risen for only 28% of respondents; response times were up for 28%; and resolution times had increased for 27%. This shows that the rate of decay (and complacency) is growing.
Sourced: solarwindsmsp.com 2017-Survey-CyberSecurity.pdf