The state of the cybersecurity union today is that all businesses – large or small – should assume the worst and prepare for cybersecurity attacks. It may be impossible to prepare for every potential attack, but you can create a foundation of security throughout your entire organization. Workforces are expanding and using more connected devices, which makes it even more difficult to maintain a human defense firewall.
According to a recent EY survey, many companies may not be as prepared as they would like to be. In fact:
- 87% of respondents say they need up to 50% more cybersecurity budget.
- 48% do not have a Security Operations Center, even though these are becoming increasingly common.
- 17% of boards have sufficient cybersecurity knowledge for effective oversight of cyber risks.
- 12% feel it is very likely they would detect a sophisticated cyber attack.
- 57% do not have, or have only an informal, threat intelligence program.
- 89% say their cybersecurity function does not fully meet their organization’s needs.
Let’s talk about your threat surface
Phishing: You know that nation-states and terrorist groups are constantly out to get us. But have you considered a poor decision made by an employee who mistook a phishing email for a legitimate one? We discussed recently that insider threats are the top threat to organizations. 1 in 131 emails contains malware and over 4,000 ransomware attacks occur daily.
Poor Patch Management: You might have heard about the infamous Equifax breach of 2017. That could have been prevented with a simple patch. 45% of companies are not using a dedicated patch management solution to distribute and manage software updates.
Vulnerabilities: 85% of successful hacks use the top 10 known exploits (meaning the companies did nothing about known vulnerabilities in their system). 8,000 vulnerabilities a year were disclosed over the past decade. It’s tough for an IT department to keep up with all of those. Gartner argues that the biggest threats are not the ones that risk causing the most damage to you, but simply the vulnerabilities in your organization’s environment that are being actively exploited “in the wild.”
Mobile Cyber Attacks: In Q1 of 2017 alone, mobile ransomware attacks increased by 253%. And 66% of security professionals doubt their organization can prevent a breach of employees’ devices. For hackers, phishing is easy. And profitable. The average phishing attack costs a mid-sized company $1.6 million.
No Security Monitoring: Do you know the threats that are coming into your network? 81% of data breach victims do not have a system in place to self-detect data breaches. And even if you have a tool in place to detect security incidents, do you have the expertise on staff to detect and remediate those incidents?