The good news is most companies have a plan for dealing with cyberattacks, but the bad news is 33 percent of those companies believe their plan has left key hardware and software systems unprotected, a new survey found.
Welcome to the world of a continuous journey to securing software and hardware.
Over 40 percent of companies surveyed said they have been a victim of a cyber attack, according to the NetEnrich report of over 150 IT professionals. Stolen or weak passwords were the most common cause (26 percent), followed by testing and monitoring system failure (21 percent) and Advanced Persistent Threats (15 percent). Fourteen percent said the cause of attacks was employee error, and seven percent attributed the issue to lost equipment (laptops, mobile devices, etc.). Furthermore: 43 percent of respondents said attacks could have been prevented with a better cyber security policy; 37 percent said they could have used better tools and methods for testing and monitoring; and 21 percent felt breaches could have been avoided had their companies better communicated security policies to employees.
The NetEnrich survey also found 53 percent of respondents see employees, rogue or otherwise, as the greatest source of cyberattacks on companies.
“All the data shows that cyber security must be a top priority for companies and that half-measures and workarounds will not do,” said NetEnrich president and chief executive Raju Chekuri.
Other findings from the NetEnrich survey include:
• 30 percent of respondents use AlienVault to prevent attacks, while 29 percent use ArcSight. Splunk was the third most commonly used tool at 17 percent.
• 66 percent of organizations use third-party consultants or managed security service providers to develop or implement security plans, and 69 percent of respondents found those services to be “very helpful.”
• 83 percent of IT professionals surveyed by NetEnrich said their organizations use cloud-based infrastructure or applications, and 22 percent said cloud-based systems were more cost-effective than on premise security solutions.
• Desktop and laptop computers were most at risk (59 percent) in a cyberattack, followed by databases and web servers (57 percent), network security devices (53 percent), mobile devices (43 percent) and application servers (42 percent).
• 72 percent have tools in place to defend against Advanced Persistent Threats.