Report: Enterprises too complacent about growing cyber-attacks

29329948226_26182013ae_b

Cyber-attacks are increasing in frequency and severity with each year that passes, but a large number of enterprises large and small appear to be assuming that “it won’t happen to us.”

In a report published by Juniper Research this week, 86 percent of the more than 200 U.K.-based enterprises quizzed said they believe they’re doing enough to withstand a cyberattack on their infrastructure. In addition, over 80 percent of executives interviewed said they’re confident their infrastructure is secure against any threats.

The survey authors say the growing number of high-profile cyber-attacks, particularly those caused by “ransomware,” have raised awareness about the necessity to build up a secure defense against intruders. But cyber-attackers are notorious for quickly adapting to new counter-measures, even as security vendors go beyond traditional firewalls and use increasingly smarter algorithms to spot attacks as they happen.

As such, most enterprises are taking a more proactive approach to their infrastructure defense, especially when it comes to the cloud. At the same time, vendors argue that systems will be more secure if security is baked in to IT infrastructure. But numerous enterprises remain complacent about the threat, Juniper Research’s study suggests.

“Increasingly, businesses are moving critical infrastructure online, making them more vulnerable to digital threats,” Juniper Research’s report notes. “Despite increased concern and spend on cyber security over the last year, there is a high degree of complacency, with few common practices in response to this threat.”

One of the main problems is bureaucracy. According to Juniper’s findings, responsibility (or blame) for cyberattacks tends to be spread around organizations, vastly complicating any mitigation plans. Just one quarter of organizations have hired a dedicated security executive to deal with cyber-threats, but in those companies that haven’t, the vast majority of respondents claimed security was not their responsibility.

That becomes all the more concerning when we see how frequent such attacks have become. Almost half of Juniper’s survey respondents admitted to being attacked, with two-thirds of those incidents occurring in the last 12 months. Some 29 percent of those incidents resulted in a data breach, Juniper said.

“Our study shows that businesses believe they are far more secure than they really are,” Juniper Research’s Windsor Holden said in a statement. “While no business can be completely safe nowadays, there are steps that companies can take to ensure they are as safe as possible, and can recover as quickly as possible in the event of a cyber attack.”

The survey looks only at British companies, but it’s likely that the findings reflect trends elsewhere in the world. After all, most cyber-attackers are unlikely to restrict themselves to companies located in the U.K. only, and it’s notable that many of the highest-profile cyber-attacks have been on U.S. companies.

The only good news to report is that not all U.K. companies are so lax. Some have indicated that they’re taking additional steps to protect themselves, which include creating new company guidelines for security practices, penetration tests to assess vulnerabilities and monitoring for phishing attacks, among other precautions. However, only around a quarter of enterprises reported

Among the steps being taken by U.K. enterprises to prevent attacks are instituting company guidelines for security practices. Other steps include penetration tests to assess vulnerability to attack and monitoring company emails for phishing attacks that often fool recipients into clicking on attachments that, for example, could unleash malware.

Photo Credit: Oliver Kiddell via Compfight cc