Only 39% of Breached Companies Can Confidently Identify Source

March 22, 2018

Nearly four in five companies (79%) were hit by a breach in the last year, according to new research from Balabi. The report, titled The Known Unknowns of Cyber Security, also revealed that seven out of ten (68%) businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months.

The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security concerns, their experience with IT security breaches, their understanding of how and when breaches occur, and the strategies they’re using to combat hackers.

Knowing your Environment

The majority of businesses know very little about the nature of the security breaches that take place within their organizations. Whilst a high percentage of companies have experienced a breach, less than half of respondents (48%) feel fully confident that they would know if a breach had even happened, meaning that more could have taken place without their knowledge. Furthermore, only 42% of respondents feel very confident about what data was accessed during a breach, and a mere 39% were fully confident that they could identify the source of a breach.

Privileged users, who are granted the most access within an organization, are vulnerable to attack and can open the door to insider threats, leading to internal tension around the development of cohesive security strategies. With half of all security breaches being employee-related, 69% of senior IT professionals agree that an insider data breach is the biggest threat they are facing in network security.

"Attacks are becoming more and more sophisticated and every organization is at risk,” said Csaba Krasznay, security evangelist, Balabit. “Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”

“What’s really alarming, though, is that the majority of businesses know very little about the nature of the security breaches that are happening to them. Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough,” Krasznay continued.

Turning the Security Unknowns into Knowns

The research showed that 80% of respondents agree that educating employees is key to securing the network. The truth is, however, that businesses must aim for a balance between technology and employee education in order to tackle the insider threat, no matter if it is a malicious or accidental threat.

While 83% of businesses agree that technology is effective in preventing breaches, 73% think technology struggles to keep up with security threats. It’s no surprise that there still isn’t a cohesive response to the on-going threat of cybercrime.

The research demonstrates that more often than not, when the threat is unpredictable and already exists within a business, it is essential to create comprehensive security strategies. This should incorporate a balance of both employee education and appropriate security technology. This way, organizations can ensure they understand their environments and are prepared to tackle ever-evolving security threats.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Only 39% of Breached Companies Can Confidently Identify Source

Related Articles

Related Products

Related Events

Report Abusive Comment