New research from SolarWinds MSP has revealed that whilst awareness surrounding cyber-attacks is increasing it is not equating to better preparedness, with confusion about the risks posed and a lack of means to defend against them evident.
The 2017 Cyberattack Storm Aftermath study, commissioned with the Ponemon Institute, surveyed 200 senior-level execs in the US and US about emerging threats, specifically those propagated by the Vault 7 leaks and the WannaCry/NotPetya attacks fueled by the EternalBlue Shadow Brokers leak.
The results found that whilst the majority (69%) of respondents had a high awareness of both WannaCry and NotPetya threats, only 28% (WannaCry) and 29% (NotPetya) felt they would be able to prevent those attacks. What’s more, 44% of the respondents who were aware of the WannaCry patch failed to implement it, with that figure 55% for the NotPetya patch.
Speaking to Infosecurity Tim Brown, VP of security, said that the key to prevention is applying the appropriate patches, but too many businesses are failing to make that connection.
“That shows a lack of knowledge on what the action plan associated with a vulnerability should be,” he added. “People often don’t think of basic security hygiene as one of the most important things they need to do, but it really is – although it’s really not easy. Doing the basics well is not ‘sexy’ or ‘cool’, it’s a lot of hard work that needs to get done, but no technology is going to really save you from that hard work.”
Another significant finding from the report was that more than half of execs felt they did not have sufficient budget to prevent, detect and contain significant cybersecurity threats.
“Budget is always an issue, and basically your security budget always first goes towards meeting your regulatory requirements. How you move the needle towards more security is always a challenge. You have to be able to explain in more business terms the ‘what if’ scenarios.
To conclude Larry Ponemon, founder of the Ponemon Institute, said the lack of knowledge among senior-level security execs highlighted in the report is worrying.
“They know that attacks are on the increase, but many don’t know what they are and seem unable to effectively prevent them,” he added. “Better use needs to be made of the resources available, such as US CERT alerts, and the service providers that most businesses are using to outsource protection. Those providers also need to step up and provide education on where most attacks are coming from and how they can be prevented.”