After Equifax: new survey shows security professionals expect the worst and claim they are prepared
Nearly 50% of IT pros are bracing for a cyber attack, yet 89% profess confidence in their cyber security stance.
Varonis Systems (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, today released findings from an independent survey exploring security practices and expectations in the wake of the massive Equifax breach. The survey, which polled 500 IT decision-makers in the UK, Germany, France and US, highlights an alarming disconnect between security expectations and reality.
An infographic accompanying this announcement is available here.
The vast majority (89%) express confidence in their cyber security stance and feel that their organisation is in a good position to protect itself from attack. Yet in the months after WannaCry, four in 10 organisations are not taking critical steps to lock down sensitive information, putting them at risk of data loss, data theft and the next ransomware attack.
Nearly half of respondents (45%) believe their organisation will face a major, disruptive attack in the next 12 months.
Looking ahead to 2018, data theft and data loss were cited as top concerns for organisations. Other notable findings include:
* 25% reported their organisation was hit by ransomware in the past two years.
* 26% reported their organisation experienced the loss or theft of company data in the past two years.
* Eight out of 10 respondents are confident that hackers are not currently on their network.
* 85% have changed or plan to change their security policies and procedures in the wake of widespread cyber attacks like WannaCry.
"It is encouraging that IT professionals are understanding that it's a matter of when, not if, their organisation will be hit with a damaging cyber attack. However, their level of confidence when it comes to security is inconsistent with what we see in practice," said John Carlin, former Assistant Attorney General for the US Department of Justice's National Security Division and currently chair of Morrison & Foerster's global risk and crisis management practice. "The reality is that businesses are consistently failing to restrict access to sensitive information and are regularly experiencing issues such as data loss, data theft and extortion in the form of ransomware."
The survey also showed major differences in cyber security policies and tendencies by country. Key findings in this area include:
* Only 66% of US organisations and 51% of EU-based organisations surveyed fully restrict access to sensitive information on a "need-to-know" basis. Organisations in Germany are the least likely to restrict access (38%).
* A majority (67%) of respondents reported their organisations have cybersecurity insurance policies. They are least prevalent in the US (62%) and most common in France (75%).
* German organisations have been hit particularly hard by ransomware, with 34% affected in the past two years.
"Attackers are upping their game, using more sophisticated, blended attacks like WannaCry and NotPetya that make use of multiple attack vectors," said Varonis CMO David Gibson. "At the same time, valuable data remains vulnerable to attacks that require little to no sophistication, like disgruntled employees snooping through overly accessible folders. While it's heartening that major security incidents are inspiring preparedness, if the past year is any indication, it is unlikely the actual security of these organisations aligns with perception."
The independent survey on top concerns, approaches and experiences of IT professionals involved in cyber security was commissioned by Varonis and conducted by Survey Sampling International.
Respondents were 500 IT decision-makers from the United Kingdom, France, Germany and the United States, from organisations with 1 000+ employees. The survey was conducted from September 28 to October 6, 2017.
* Read the full survey findings: https://www.varonis.com/learn/cybersecurity-expectations-vs-reality-survey/
* For more information on Varonis' solution portfolio, please visit www.varonis.com