With the rapid increase in both the volume and the cost of cyber attacks, businesses now seem to be focusing on cyber security more than ever. The challenges and costs of cyber crime are now well publicized, so it would be understandable to assume that all security teams are now well-funded, supported by others in the business and able to work in complete confidence. But is this really the case across the board?
In a recent survey by Nominet, around 300 security professionals from across the UK and US were asked about their organization’s security position, the barriers to confidence and what they believe will aid cyber confidence.
The state of cyber confidence
Overall, security professionals seem to have serious reservations about their organization’s security posture, from the technology stack to procedures, processes and human behaviors. Almost 70% expressed some sort of dissatisfaction with their overall security posture, describing themselves as only ‘moderately’, ‘somewhat’ or ‘slightly’ confident.
These reservations may stem from a variety of barriers that slow cloud adoption for security professionals. Some of the biggest challenges to effective cyber security are the increasing sophistication of threats, insufficient staff training, lack of funding, insufficient staffing and a lack of board support. A lack of staff training and insufficient staffing are two major elements of a cyber security skills gap, a larger issue stopping organizations from putting optimal security measures in place. A huge part of instilling confidence in security professionals lies in filling this skills gap. To do this, organizations need to put the right technology in place so that threats aren’t always seen as insurmountable, provide budget accordingly and invest in people.
Often, security professionals are left in uncertain and compromising positions, with 71% touting their organization’s cyber robustness to partners and customers, despite not feeling confident in it. When asked whether they are confident that they have chosen the right or best security solution for their business, 67% were just ‘moderately’, ‘somewhat’ or ‘slightly’ confident in their choice, and 2% weren’t confident at all.
Considering the risks
Poor cyber awareness among employees poses a genuine threat to firms. Other than the perennials of cyber crime (phishing, viruses and malware), two of the most common attack methods are staff receiving fraudulent emails (44%) and the unauthorized use of computers/networks/servers by staff (34%), further proving the need for additional staff and training. For companies to build a security posture that their employees can have confidence in, good cyber security habits need to be instilled in all staff, not just the IT department.
Dealing with a breach
Unsurprisingly, suffering a breach affects the confidence of security professionals around dealing with another breach. In fact, two thirds of those hit by a breach in the past 12 months weren’t very confident that their organization could defend against the same type of attack again. Given that attacks are so vast, and often target organizations more than once in a 12-month period, enterprises need to be sure they work together to understand their concerns, developing an action plan in case one hits. This means not just defending against cyber attacks, but also learning from past attacks and using these lessons to boost confidence in their security approach.
Looking to the future
The vast majority (76%) of respondents believe that cyber security is an increasing priority within their organization, with many already noticing a difference. 62% reported that their confidence in their overall security posture has improved in the past year, compared to just 10% who said it had decreased.
Security professionals therefore need to focus on areas that can mitigate fears over an ever-evolving threat landscape. Network detection and response technology, combined with efforts to train staff and create a resilient organization, will help companies prepare for the unknown and build confidence in their own security stack.
How Nominet Can Help
All networks rely on DNS traffic. It is a critical source of information to check for threats and monitor the health of a network, but it is often overlooked in the security stack. NTX analyzes network DNS traffic for both known and unknown threats. Embedding our patented algorithms means we eliminate threats from the network and identify zero-day activity not seen by traditional methods of detection. This narrows the window when malicious activity can compromise your network.