BreachExchange mailing list archives

Firms Feel More Confident In Ability to Thwart Data Breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 8 Feb 2016 17:26:11 -0700

http://www.information-management.com/news/security/firms-feel-more-confident-in-ability-to-thwart-data-breaches-10028215-1.html

A majority of organizations believe they will be more secure against data
breaches in 2016, despite the fact that nearly three-quarters of
organizations experienced a security threat last year.

Why the seeming disconnect? A growing number of organizations are
investing in more advanced security solutions and are ramping up end user
training around data security best practices.

Those are among the findings of the recent study “Battling the Big Hack”
from Spiceworks, which looked at IT professionals’ perceptions of the
biggest IT security threats and the steps they’re taking to prevent
security incidents and breaches within their organizations.

The study found that while 80 percent of organizations experienced a
security incident in 2015, 71 percent of IT professionals expect their
organizations to be more secure in 2016.

“The results show that IT professionals feel responsible for the security
of their organization’s data, and in a world where technology is getting
more complex and organizationally distributed, their jobs aren’t getting
any easier,” said Sanjay Castelino, vice president at Spiceworks. “In
reaction to these challenges, they’re being more proactive about preventing
security incidents and breaches by learning about new threats, regularly
educating employees about risks, and investing in more advanced security
solutions.”

Bracing for external security threats in 2016

According to the study, the growing frequency and duration of security
threats is “forcing IT professionals to evaluate their exposure to common
and not-so-common issues they may face in 2016.”

IT professionals were surveyed on the most common security incidents their
organizations experienced in 2015 and compared them to the security
challenges they expect in 2016. Among the findings:

“Malware attacks were reported by 51 percent of IT professionals in 2015
followed by phishing and spyware incidents at 38 and 34 percent
respectively. This aligns closely to the percent of organizations that are
concerned about these incidents in 2016. However, 53 percent said they’re
concerned about ransomware in 2016, but only 20 percent of organizations
experienced a ransomware incident in 2015.”

“Thirty-nine and 37 percent of IT professionals also expressed concern
about data theft and password breaches respectively, but only five percent
of organizations experienced an incident of data theft in 2015 and only 12
percent experienced a password breach.”

The study also asked IT professionals to disclose their concerns regarding
individual hackers or groups. Forty-nine percent said they’re concerned
about independent hackers; 36 percent cited rogue employees; and 25 percent
said organized crime groups. Only 12 percent said they’re concerned about
cyber-terrorist groups and state-sponsored hackers, and 10 percent
indicated concern for hacktivist groups.

Internal threats a top IT security challenge

Confirming what some other recent IT security studies have reported, the
Spiceworks report noted that end users represent the biggest challenge when
it comes to IT security due to a limited understanding of security issues
and resistance to security solutions and policies. Indeed, a large majority
(80 percent) of respondents cited the threat of end users to data security.

So-called ‘Shadow IT’ -- the deployment of technology by employees without
approval from the IT department -- is also a risk to their organization
according to nearly half of respondents (cited by 48 percent).

IT professionals are also concerned about devices that have access to
company data but provide less control to protect end users from breaches,
such as mobile devices.

When asked which network-connected end points are at risk of a security
breach in 2016, 81 percent of IT professionals indicated laptops and 73
percent indicated desktops, but smartphones and tablets weren’t far behind
at 70 and 62 percent respectively. Nearly 50 percent of IT professionals
are also concerned about network-connected IoT devices.

There is also good news in the study. “In order to protect end users from
breaches on various devices in the workplace, 73 percent of IT
professionals are enforcing end-user security policies and 72 percent are
regularly educating their employees through lessons on topics such as ‘how
to avoid malware’ and ‘how to spot phishing scams,’” the study noted.

More importantly, many organizations are focusing on data security
awareness programs and on IT security training for IT staff.

“IT professionals are also focused on their own education and ensuring
they’re up-to-speed on the latest security issues. In fact, 66 percent are
taking the time to learn about new threats and 60 percent are regularly
evaluating new security solutions,” the study concluded.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
