Consumers are no longer surprised by data breaches. And, the truth is, large-scale data breaches are here to stay. In fact, according to a recent study by Bitdefender, six out of ten companies have been victims of a data breach in the last three years. And by the end of July 2019, nearly a quarter of information security professionals revealed that the company they worked for had suffered a data breach in the first six months of the year. 39, single year. As businesses adopt technologies and IT management becomes increasingly sophisticated from a digital perspective, the threat landscape and attacker capabilities continue to become more complex. In addition, infosec professionals also face tight budgets, as well as a lack of talent and understanding from employees and management at large. As a result, businesses face more cybersecurity risks than ever before. For companies to truly protect themselves from evolving threats and ultimately the future success of their business, it is essential to understand the issues at play, to go beyond just thinking about firewalls and what they can do to avoid falling victim. of an attack.
About the author Liviu Arsene is a Cybersecurity Researcher at Bitdefender Worldwide.
Understand stress and limitations.
Research has revealed that while more than half (57%) of IT professionals rate their cybersecurity as very good or excellent, the risk to attackers remains a reality. In fact, 26% of IT professionals still believe that their business could be the victim of a breach without even knowing it. The most important threats would be a phishing or whaling attack (36%), followed by Trojans (29%) and Ransomware (28%). But IT professionals don't just have to worry about the increasingly complex threat landscape. Poor cyber security is an undeniable threat to businesses. With tight budgets and insufficient training for talent and resources, cybersecurity teams face enormous pressure to protect their businesses and train their employees. In fact, more than half (53%) of security professionals have considered leaving their current position due to a lack of financial and personnel resources. If companies don't start investing time, money, and resources into their cybersecurity, the consequences they face could be detrimental. In this year alone, not only the number of fines imposed under the GDPR increased significantly, but also the desire to increase the number of fines. Over the summer, for example, the OIC announced astronomical fines of more than 100 million euros, like British Airways, for failing to protect personal data. Companies must not only prepare for the financial repercussions. The top two impacts IT professionals fear in the event of a breach to their organization are business interruptions (43%) and reputation (38%). With the media constantly focusing on cybersecurity flaws, organizations left open to attack could easily suffer irreversible damage.
A plan of attack (preventive)
As the threat landscape continues to become more complex and organizations face significant gaps in attack preparedness, there is clearly room for improvement. For companies to truly master their cybersecurity, the best place to start is to focus on training and training employees in cybersecurity. Once people are aware of potential threats and often simple steps that can be taken to prevent an attack in the first place, information security professionals are in a much better position to prevent breaches of big scale. . In addition, enhanced data protection, as well as faster detection and response capabilities, are the main drivers of a company's cyber security. Speed really is of the essence when it comes to detecting and acting against a cyber threat. The faster a business can react, the faster it can isolate and remediate cyber threats. As such, technologies that facilitate threat discovery, such as network traffic analysis and antivirus technology, are essential. It is also interesting to note that 70% of infosec professionals believe that endpoint security detection and response can help prevent future attacks. In the end, companies must verify if their current cybersecurity strategy is the right one for their objectives. However, to effectively protect against a cyberattack, companies cannot rely solely on strategy. Not only must they be committed to ensuring their strategy is put into action, but they must also rely on a combination of the right technology, the right talent, and a deep understanding of the risks their organization incurs in the event of insufficient cybersecurity. Liviu Arsene is a Cybersecurity Researcher at Bitdefender Worldwide.