Ride the Lightning

Really? 46% of Entities Don’t Change Cybersecurity Strategy After An Attack

March 5, 2018

TechRepublic reported on a recent study from CyberArk which surveyed 1300 IT professionals and business leaders. Some of the more striking stats are below:

• 46% of organizations said their cybersecurity strategy rarely changes substantially, even after suffering an attack.
• 46% of security professionals said that their organization can't prevent attackers from breaking into internal networks each time a hack is attempted.
• Only 8% of security leaders said that their company continuously conducts penetration testing to determine where vulnerabilities may exist.
• While 50% of IT professionals said their organization stores business-critical information in the cloud, 49% said they have no privileged account security for the cloud—so they are storing data in the cloud, but not taking additional steps to protect it.
• In terms of protecting passwords, 36% of companies reported that administrative credentials were stored in Word or Excel documents on company PCs, 34% said they were stored on shared servers or USB drives, and 19% said they were stored on printed documents in physical filing systems.
• Many organizations are also failing to adequately protect endpoints, the report found: Only 52% of IT security professionals said they keep their operating systems and patches current, and 29% employ whitelist application controls.
• The greatest security threats? Targeted phishing attacks (56%), insider threats (51%), and malware and ransomware (48%).

These stats reflect just how deficient cybersecurity is at many organizations. It would behoove all entities to take a look at these stats and see how they measure up.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson