Now more than ever, as cyber crime continues to increase in volume and cost, businesses are positioning security as their top priority. With the challenges and costs associated with cyber crime increasingly well publicized, how confident are security professionals that they have the technology, talent and budget required to meet these growing cyber threats?
According to our poll of 274 security professionals, 70% expressed dissatisfaction of some level in their overall security posture. With this in mind, what are the ways in which we can better support those responsible for security within organizations, to ensure that they are confident in their cyber protection?
Understanding the risks
The first step in building a security posture in which companies can have confidence is taking stock of the relevant threats to their industry. Certain threats are much more prevalent in some sectors. For example, financial services businesses that have suffered a cyber attack in the past 12 months (49%) have seen staff receiving fraudulent emails (52%) as the top offender, whereas legal firms saw ransomware and unauthorized hacking as the top attack types (57%).
Bouncing back after a breach
Suffering a breach often affects the confidence of security professionals when it comes to dealing with another breach of similar nature. According to our research, 67% of those hit by a breach in the previous 12 months weren’t very confident that their organization could defend against the same type of attack again. In these cases, it’s vital that the business works with its security professionals to understand their concerns, before investing in and working on making the enterprise more secure.
Seeking quality advice
Whilst some security professionals are turning to outside experts for help, some are more trusted than others. Across all sectors, vendors are the most trusted source for advice (53%), followed by consultants (53%) and analysts (52%). Industry bodies are the least trusted source across the board, with only 34% of buyers seeking advice from them. Overall, despite realizing the growing threat of an attack, independent information for those wanting to purchase countermeasures is lacking. The distribution of independent, quality advice would avoid rushed, forced decisions for security leaders.
When asked about outsourced services, over half (51%) of respondents said that they believed the risk levels of outsourced cyber security to be more or less equivalent to that of traditional IT environments. Sectors where the impact of a security breach is the highest have the lowest levels of confidence in outsourcing, reflecting a misconception that managing all security services in-house is the most secure option. In reality, modern outsourced security services often offer higher levels of security due to being kept up-to-date and leveraging the expertise of a large and dedicated security team. Successful outsourced services are easy to deploy through the cloud or in-house so firms can maintain direct control if required, inspiring cyber confidence throughout entire teams.
Though security professionals are beginning to feel held down by a lack of funding and skilled talent, the future looks much brighter. The vast majority of respondents (76%) believe that cyber security is an increasing priority within their organization.
On a further positive note, 80% of organizations are now measuring the performance of their security stack, allowing them to access the data they need to identify new security investments. Security professionals now need to focus on areas that can help themselves and their team allay their fears over cyber threats. This includes sophisticated networking detection and response technology which to help them prepare for the unknown.
Staying safe with Nominet
NTX will reduce risk on your network and eliminate threats before they cause harm. NTX analyzes network DNS traffic for both known and unknown threats. Embedding our patented algorithms means we eliminate threats from the network and identify zero-day activity not seen by traditional methods of detection. This narrows the window when malicious activity can compromise your network.