Storage and security
Organizations Should Improve Their Security Hygiene
Companies are undermining security strides they’ve made because they don’t properly enforce best practices concerning privileged accounts and data stored in the cloud.
Making Progress Against Cyber-Attacks
A full 82% of respondents believe the security industry in general is making progress against cyber-attacks.
Misplaced Budgets
71% of organizations increased their budget for perimeter defenses. Yet only 24% cited a perimeter breach as the attack stage most difficult to mitigate, and 12% cited it as a top concern.
Biggest Threats: DDoS, Phishing
Cyber-attacks or tactics that concern IT decision-makers the most over the next 12 months include distributed denial-of-service (DDoS) attacks (19%), phishing (14%), ransomware (13%), privileged account exploitation (12%) and perimeter breaches (12%).
Lessons Learned From Major Breaches
79% of respondents said their organizations have learned lessons from major publicized security breaches and are taking appropriate actions to improve security.
Growing Optimism
75% of IT decision-makers now believe they can prevent attackers from breaking into their internal networks, up from 44% in 2015.
False Confidence in Company Security
Although the majority of IT decision-makers believe they can prevent cyber-attacks, 36% believe a cyber-attacker is currently or has been in the last 12 months on their network, and 46% believe their organization was a victim of a ransomware attack in the past two years.
Better Protection
The top actions implemented to better protect against cyber-attacks include the deployment of malware detection (25%), endpoint security (24%) and security analytics (16%).
Managing Privileged Accounts
55% of respondents said their organizations have changed processes for managing privileged accounts, and 71% use a privileged account security solution.
Lax Privileged Security Practices
Yet 40% still store privileged and admin passwords in a Word document or spreadsheet, and 28% use a shared server or USB stick.
Third-Party Risks
49% of organizations allow third-party vendors remote access to their internal networks. But some verticals lag in vendor access controls: in the public sector, 21% of organizations are not securing and 33% are not monitoring this activity.
Security Emergency Response Plan
A full 95% of organizations have a cyber-security emergency response plan. But only 45% communicate and regularly test their plans with all IT staff, and 57% aren’t certain of their role in response to cyber-attacks.
Cloud Concerns
68% of organizations cite losing customer data as one of their biggest concerns following a cyber-attack. Yet 60% who use the cloud store customer data in it, and 57% who store info in the cloud are not completely confident in their cloud providers’ ability to protect their data.