As cyberattacks mount, an increasing number of enterprises are preparing to respond to a major breach in the coming year.
That’s according to Guidance Software’s latest survey of 330 IT and security professionals in North America. Nearly two-thirds (65 percent) of organizations fell victim to malware-related breaches, up from 56 percent in 2016, while 55 percent experienced phishing-initiated breaches, down from 58 percent.
Despite those numbers, only half of respondents believe they will need to respond to a breach in the coming year.
Scott Skidmore, Guidance Software’s vice president of global channels, tells Channel Partners that companies today must adopt the mindset of “continuous compromise.”
“Long gone are the days where you can prevent every attack,” he said. “Now, it’s not a matter of if, but when, an attack will happen. Don’t fear the breach. Locate, categorize and back up your sensitive data, and create an incident response plan and team before attacks occur. With the right tools, companies can rapidly respond to and remediate attacks, keeping sensitive data and customers safe.”
The survey did show improved preparedness among respondents, as more than half (54 percent) of organizations feel well prepared to respond to a major breach in the coming year, up from 51 percent in 2016. Also, twice as many respondents as last year said they are looking to build a formal security and incident management team within the next year.
According to Druva’s Annual Ransomware Report, with more than 800 companies participating, ransomware has quadrupled during the past year, reaching an estimated $1 billion in 2016 with 4,000 attacks occurring per day.
Nearly half of organizations that have experienced a ransomware attack are the victim of multiple attacks, according to the report. Also, 70 percent of attacks spread to multiple devices.
“Channel VARs and integrators are in a prime position to have a business outcome conversation with end users after these recent, extensive ransomware attacks,” said Timm Hoyt, Druva’s vice president of global channel sales. “The ability to shift the conversation from product orientation to business outcome with real tangible benefits is what can set them apart from others as a true consultant, not just a product reseller. And this is how trust is built and strengthened with the end user.”
One in four organizations suffered significant or minor direct financial losses due to an attack or breach in the past year, according to Guidance Software’s survey. Some 6 percent of companies claimed significant financial losses, up from 2 percent in 2016, while 19 percent of companies claimed minor financial losses in 2017, up from 11 percent. Among those that were hit by directly targeted breaches, one in five (20 percent) bore costs in excess of $1 million.
The top three IT security challenges, according to the survey, are assessing risk, enforcing security policies and managing the complexity of security.
It’s critical for everyone in an organization – from the receptionist at the front desk to the IT technician in the back office, and from the CEO in the corner office to the account manager on the road – to learn and use “good cybersecurity hygiene,” according to CompTIA. Anyone who touches a PC, laptop, smartphone or tablet is a potential target of ransomware or other cyber threats, but threats can be lessened and security awareness heightened through regular education and training.
“Companies consistently report that human error is the primary cause of security breaches,” said Seth Robinson, CompTIA’s senior director of technology analysis. “People don’t know, or are ignoring, some of the basic security practices. The encouraging news is that we’re seeing a growing realization among companies that their workforce needs to be educated about technology in general, and about security, specifically.”
The types of training offered run the gamut, according to the recent CompTIA report, “The Evolution of Security Skills.” In the survey of 350 U.S. businesses, about half said they perform employee security training on an ongoing basis. In addition, 58 percent include security instruction as part of their new employee orientation, 46 percent conduct random security audits and 35 percent use hands-on labs.