New Research From Balabit Reveals More Than A Quarter Of Companies Expect To Be Breached In The Next Six Months
Less than half of businesses are fully confident that they would know if a breach had happened or how, according to Balabit’s global research report
Nearly four in five companies (79%) were hit by a breach in the last year, according to new research from Balabit, a leading provider of Privileged Access Management and Log Management solutions. The report, titled The Known Unknowns of Cyber Security, also revealed that seven out of ten (68%) businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months.
The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security concerns, their experience with IT security breaches, their understanding of how and when breaches occur, and the strategies they’re using to combat hackers.
Knowing your environment
The majority of businesses know very little about the nature of the security breaches that take place within their organizations. Whilst a high percentage of companies have experienced a breach, less than half of respondents (48%) feel fully confident that they would know if a breach had even happened, meaning that more could have taken place without their knowledge. Furthermore, only 42% of respondents feel very confident about what data was accessed during a breach, and a mere 39% were fully confident that they could identify the source of a breach.
Privileged users, who are granted the most access within an organization, are vulnerable to attack and can open the door to insider threats, leading to internal tension around the development of cohesive security strategies. With half of all security breaches being employee-related, 69% of senior IT professionals agree that an insider data breach is the biggest threat they are facing in network security.
“Attacks are becoming more and more sophisticated and every organization is at risk,” said Csaba Krasznay, security evangelist, Balabit. “Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”
“What’s really alarming, though, is that the majority of businesses know very little about the nature of the security breaches that are happening to them. Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough,” Krasznay continued.
Turning the security unknowns into knowns
The research showed that 80% of respondents agree that educating employees is key to securing the network. The truth is, however, that businesses must aim for a balance between technology and employee education in order to tackle the insider threat, no matter if it is a malicious or accidental threat.
While 83% of businesses agree that technology is effective in preventing breaches, 73% think technology struggles to keep up with security threats. It’s no surprise that there still isn’t a cohesive response to the on-going threat of cybercrime.
The research demonstrates that more often than not, when the threat is unpredictable and already exists within a business, it is essential to create comprehensive security strategies. This should incorporate a balance of both employee education and appropriate security technology. This way, organisations can ensure they understand their environments and are prepared to tackle ever-evolving security threats.
The Balabit Unknown Network Survey was undertaken on behalf of Balabit by independent market research company Loudhouse to examine the changing attitudes towards security in business in October/November 2017. This research explores businesses’ concerns over IT security and their experience of IT security breaches, with a particular focus on privileged accounts and the insider threat.
The research was run among 400 senior IT people with responsibility or visibility for network security.