Story image

Businesses are more aware of cybercrime but still not prepared

29 Mar 2018

New research has emerged that reveals better cybersecurity awareness doesn’t necessarily mean better preparation.

Commissioned by SolarWinds MSP and undertaken by the Ponemon Institute, the study asked 202 senior-level security executives in the US and the UK about emerging security threats.

Specifically, the study addressed those propagated by the “Vault 7” leaks, and the more massive global WannaCry and Petya ransomware attacks fueled by the “EternalBlue” Shadow Brokers leak.

Despite the majority being in agreement that cyberattacks are on the rise, most are confused about what threats pose the most risk as well as lacking the means to defend against them.

Less than half (45 percent) said they had the technology to prevent, detect and contain cybersecurity threats, while just 47 percent felt that they had enough budget.

While 69 percent of respondents had a high awareness of both WannaCry and Petya threats, they were far less aware of the potential of Vault 7 threats, with the highest level of awareness at 30 percent.

“The lack of knowledge among senior-level security executives is worrying—they know that attacks are on the increase, but many don’t know what they are and seem unable to effectively prevent them,” says Ponemon Institute founder Larry Ponemon.

“Better use needs to be made of the resources available, such as US CERT alerts, and the service providers that most businesses are using to outsource protection. Those providers also need to step up and provide education on where most attacks are coming from and how they can be prevented.”

Potentially even more worrying than the confusion over risk was the actual number of attacks that had been detected, with 54 percent admitting that their businesses had experienced an attack in the last year. Of those, 47 percent had been unable to prevent the attack.

The result of these successful cyberattacks included the theft of data assets (52 percent), the disruption to business process (47 percent), and IT downtime (41 percent).

Some of the other findings include:

  • 29 percent said that they would be unable to prevent a Petya attack and 28 percent would be unable to prevent a WannaCry attack
  • Businesses are even less prepared for Vault 7 exploit attacks, with only 9 percent ready to prevent exploits of Vault 7 threats like Dark Matter or After Midnight
  • 44% of respondents who were aware of the WannaCry patch didn’t implement it
  • 55% didn’t patch for Petya

“There is a role for managed service providers (MSPs) to play based on this research, by supporting companies as they navigate the ever-evolving security threats businesses face. It’s a bit like the wild west now, as we saw from the widespread fallout from WannaCry and Petya, and may still see from Vault 7 if those leaks are more widely exploited,” says SolarWinds MSP VP of security architecture Tim Brown.

“Indeed, we have no crystal ball to know what threats lie on the horizon. Businesses need help with everything from awareness to technology to specialized staff. This study supports a view that MSPs have a unique opportunity to expand their security offerings to meet this need by filling gaps that can’t be easily filled in house.”

Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.