More organizations fear breaches, lack strategy to respond

The percentage of organizations that acknowledge a security breach will most likely happen to them is on the rise, and many remain unsure about the most effective strategy to stop attacks, according to research from security vendor Kaspersky Lab.

As part of the study, the company surveyed 5,274 global IT and business decision makers earlier this year, and found that a majority of organizations (57 percent) realize a security breach will happen to them at some point. That compares with 51 percent the year before.

Many of the organizations (42 percent) remain unsure of the most effective strategy to combat threats such as targeted attacks. Perhaps of greater concern, the study showed that uncertainty is significantly higher (63 percent) among respondents who are IT security experts and should therefore be more familiar with the issue, the report said.

HDM-110917-breach.png

Also See: HHS takes steps to hire a senior advisor for cybersecurity

The study shows that targeted attacks have become one of the fastest growing threats in 2017, increasing in overall prevalence by 11 percent for large enterprises. In addition, two-thirds of respondents agreed that threats are becoming more complex, and for more than half (52 percent) it’s becoming difficult to tell the difference between generic and complex attacks.

Surprisingly, respondents from a majority of companies (77 percent) say they believe their organizations spend enough, or even overspend, on protection against targeted attacks. This might be a result of how threat protection is perceived, the report said. Threats are sometimes seen as a technical problem to be solved through buying and deploying more advanced cyber security products.

A more balanced approach to incident response includes investing not only in the right technologies, but also in people with specific skill sets and in the right processes, the study notes.

For reprint and licensing requests for this article, click here.