Nearly 4 in 5 companies (79%) were hit by a breach in the last year, according to new research from Balabit. The report, called the Known Unknowns of Cyber Security, also revealed that 7 out of 10 (68%) businesses expect to be impacted by further breaches this year with more than a quarter anticipating this happening within the next 6 months.
The Unknown Network Survey, undertaken in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals when it comes to businesses’ concerns over IT security and their experience of IT security breaches, their understanding of how and when breaches occur and how they are trying to combat hackers.
Knowing your environment
The majority of businesses know very little about the nature of the security breaches that take place within their organisations. Whilst a high percentage of companies are experiencing breaches, less than half (48%) stated they would be fully confident knowing a breach had even happened, meaning that more could have taken place without their knowledge.
Only 42% feel very confident about what data was accessed and a mere 39% were fully confident that they could identify the source of a breach. As privileged users, or those with the most access within an organisation are the most vulnerable to attack or becoming insider threats, it’s imperative for businesses to protect access to critical IT systems and sensitive data.
This is leading to internal tension within businesses around the development of cohesive security strategies. With half of all security breaches being employee-related, 69% of senior IT professionals agree that insider data breach is the biggest threat many are facing in terms of network security. It should come as no surprise that 80% of respondents agreed that educating employees is key to securing the network. The truth is however, that businesses must aim for a balance between technology and employee education in order to tackle the insider threat, whether that’s a malicious or accidental threat.
“Attacks are becoming more and more sophisticated and every organisation is at risk.’ said Csaba Krasznay, Security Evangelist, Balabit. “Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”
“What’s really alarming, though, is that the majority of businesses know very little about the nature of the security breaches that are happening to them. Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough.” Krasznay continued.
Turning the security unknowns into knowns
Whilst 83% of businesses agree that technology is effective in preventing breaches, 73% think technology struggles to keep up with security threats. It’s little wonder that there is still no cohesive response to the on-going threat of cybercrime.
The research demonstrates that when more often than not, the threat is unpredictable and exists already within a business, it is essential to create comprehensive security strategies. This should incorporate a balance of both employee education and appropriate security technology. This way, organisations can ensure that they know their environments and are prepared to tackle ever-evolving security threats.