A whopping 61% in a broad-ranging survey were found to have been compromised by ransomware in 2016, while the percentage of organizations affected by successful cyber-attacks reaches an all-time high.
According to CyberEdge Group’s latest Cyberthreat Defense Report, of those affected, 33% paid the ransom and recovered their data, 54% refused to pay but successfully recovered their data anyway, and 13% refused to pay and subsequently lost their data.
Overall, consistent with findings in CyberEdge’s prior three annual reports, the 2017 report finds that network breaches are rising, under-trained employees pose the greatest security risk, and malware is more troubling than ever. But, organizations are seeing investments in security.
Rising attacks are the new norm. The percentage of organizations affected by successful cyber-attacks has risen for the third-consecutive year—from 62% in 2014, to 70% in 2015, to 76% in 2016, and now to 79% in 2017. Today, three in five believe a successful cyber-attack in the coming year is more likely than not.
An astounding nine out of 10 respondents indicated their organization is suffering from the global shortage of skilled IT security personnel. Fifty-one percent of respondents are leveraging external vendors and contractors to fill the void.
This is spurring security spending: One in five respondents indicated dissatisfaction with Microsoft’s available protections for securing Office 365 deployments, opening the door for third-party security solutions. Of 16 network security technologies depicted in the survey, honeypots/network deception technology (41%) is the one most sought after in the coming year, followed by next-generation firewalls (39%) and user and entity behavior analytics (38%).
When asked which of 11 application and data-centric security technologies are currently deployed by their organizations, respondents ranked database firewalls and web application firewalls (WAFs) highest, each with a 65% adoption rate.
And, the report found that cyber-insurance reaches critical mass. Three-quarters of respondents rate their organization’s level of cyber insurance investment as adequate. Less than nine percent of respondents expressed concern over insufficient coverage.
That said, the report found that organizations are underinvesting in the human firewall. When respondents were asked what’s inhibiting them from securing their employers’ networks, “low security awareness among employees” was the top response for the fourth-consecutive year, followed by “lack of skilled personnel” and “too much data to analyze.”
“If the definition of insanity is doing the same thing repeatedly and expecting a different result, then perhaps, as an industry, we’re going insane,” said Steve Piper, CEO of CyberEdge Group. “Each year, we invest more in security, yet frequency and severity of data breaches rise.”
But why? I believe I can offer two partial explanations, inspired by this year’s Cyberthreat Defense Report.
“Invest more in training,” added Piper. “And second, we consistently hear that most data breaches stem from exploiting old vulnerabilities. OK, then get patching. Investing in best-of-breed security defenses is always prudent, but to stop the bleeding, we’ve got to invest more in our human firewalls and reducing our network attack surfaces.”