It seems like every other headline is referencing yet another data breach. And it’s creating widespread concern among both businesses and consumers about how safe their data is, and when the next breach will strike. Unfortunately, this rapid pace of attacks doesn’t look like it’s going to slow down anytime soon. Recent research from Bitdefender found that almost a quarter of infosec professionals had experienced a data breach in the first six months of 2019, and 26% admitted that their organisation could currently be undergoing an attack – without them knowing.
Despite this, over 57% of IT professionals rate their cybersecurity as very good or excellent, showing a clear disconnect between how they rate their organisation’s infosec profile and the level of risk they are actually facing.
The growing threat landscape
The age-old issue with cybersecurity is that the minute an organisation protects itself from a threat, cybercriminals have already come up with new attack techniques, whether it be a subtle tweak to a malware strain or a totally new approach to infiltrate security systems. This is why it’s so important for businesses to keep on top of the latest cybersecurity trends and keep their infosec solutions updated accordingly. But many IT professionals admitted to struggling with tight budgets, as well as a lack of understanding of threats from employees, meaning that many organisations are leaving the door ajar for cybercriminals.
The risk of poor cybersecurity hygiene goes far beyond what happens in the moments just after a breach. The impact of an attack can be felt long after, and have both reputational and monetary consequences. In fact, the two biggest fears for organisations according to IT professionals are business interruptions (43%) and reputational damage (38%) post-breach.
Preparation is key
While the threat landscape is constantly changing, one thing remains certain – organisations have to do more to protect themselves. But for teams that are understaffed and have limited resources and budget, it’s not that simple. If infosec professionals do one thing, then it should be to ensure that all staff are fully trained to spot cybersecurity red flags and feel confident doing so. After all, while the most common root of company breaches in the last year was external actors (20%), 17% of these were a direct result of employee negligence.
On top of this, and budget permitting, IT professionals should ensure their infosec stack is at least adequate for their organisational needs. This is the only way to stand a chance against determined cybercriminals — with technology that isn’t only regularly updated, but also ready to deal with modern threats. Interestingly, 70% of infosec professionals currently believe that endpoint detection and response (EDR) is the most relevant technology in helping to prevent future attacks.
While both training staff and implementing infosec technology take time and budget, the main thing for IT professionals to do right now is scrutinise. They need to question each element of their cybersecurity systems and make improvements in every possible area they can afford, while also keeping a tight asset management list of devices and software deployed within their infrastructure. IT professionals also need to take the fight to board level and push for change from the top down. This is challenging, especially given that 57% of people in senior management roles either push back on or completely disregard the rules when it comes to cybersecurity. But infosec professionals should stay determined; after all, it could make the difference to whether their organisation still exists in 10 years’ time!