Only half of companies confident in security capabilities

Only 54% of organisations worldwide are confident in their ability to defend against today’s sophisticated cyber attacks, a Cisco study shows.

The vendor’s annual security report shows that IT decision-makers overwhelmingly agree that regulators and investors will expect companies to manage cybersecurity risk exposure.

But just 59% of organisations report that their security infrastructure is up to date, a 10-percentage point decrease from the prior year.

In addition, only 54% of organisations are confident in their ability to verify that an attack has even occurred, and the same percentage are confident they are able to defend against attacks. Just 45% feel they are capable of scoping and containing attacks.

Part of the reason for the low confidence is a shortage of adequate information sharing and collaboration, the report suggests. During security incidents, only 21% of organisations notify business partners, 18% notify external authorities and 15% inform insurance companies.

In response to these issues and as part of efforts to address the security talent shortage, enterprises of all sides are increasingly turning to outsourcing services to balance their security portfolios, the report sates.

In the SMB segment, for example, outsourcing activity increased to 23% in 2015 from 14% in the prior year. Yet SMBs remain a potential weak link, with the number of SMBs using web security dropping by more than 10% over the same period.

Online attackers have shifted their activity to compromised servers to support their attacks. Common attack vectors include DNS — found to be a key capability in nearly 92% of known bad malware, and malicious browser extensions, which affect more than 85% of organisations.

The report also indicates that ransomware attacks alone generate $34 million per year per campaign, underlining the high cost of falling prey to cybercrime.

“Security is resiliency by design, privacy in mind and trust transparently seen,” Cisco Chief Security and Trust Officer John Stewart said.

“With IoT and digitisation taking hold in every business, technology capability must be built, bought and operated with each of these elements in mind. We cannot create more technical debt. Instead, we must meet the challenge head on today.”

Image courtesy of Sarah Joy under CC