61% of IT professionals have experienced a serious data breach, survey reveals. | Increasing severity of cyberattacks needs security systems integration and and employee training. It has been reported that IT professionals are struggling to protect their organisations against security breaches, with 61% claiming to have experienced a serious data breach while working for their current employer. The report is the result of an independent survey of IT professionals working in the UK, Australia, Canada, France, Germany, India and Singapore, and the USA, acros a wide spectrum of industries.
Serious data breach = reputational damage
In recent years there have been significant improvements in technologies to combat cyberattacks. However, those responsible for securing corporate networks, are fighting an increasingly tough battle, as cyber criminals continue to target intellectual property (IP), putting the reputation of the company at risk, as well as increasing financial liability. The survey revealed that 70% of all breaches in the UK require public disclosure, putting brand reputation at risk, compared with 73% globally, which represents an increase of 5% since 2015. The results for the UK also found that 64% of IT professionals believe that C-level executives should be fired if a data breach is serious enough, compared with just 55% globally. However, 61% of global respondents think the C-level executives they work with expect more lenient security policies for themselves. The report shows that there is a need for a cyber security strategy that includes the implementation of fully integrated security systems, combined with staff training and an enterprise-wide culture of security, in order to reduce numbers of breaches. Candace Worley, vice-president and chief technical strategist at McAfee said:
Threats have evolved and will continue to become even more sophisticated. …Organisations need to augment security measures by implementing a culture of security and emphasising that all employees are part of an organisation’s security posture, not just the IT team.
To stay ahead of threats, it is critical that companies provide a holistic approach to improving the security process by not only utilising an integrated security solution, but also practising good security hygiene.
Other key findings of the report
Data is now being stolen by a wide range of methods, with no single technique dominating the industry. The top vectors used to exfiltrate data are database leaks, cloud applications and removable USB drives.
Personally identifiable information (PII) and intellectual property (IP) are now tied as the data categories with the highest potential impact to 43% of respondents. Notably, PII is of greater concern in Europe (49%), most likely due to the recent enforcement date of the GDPR. In Asia-Pacific countries, intellectual property theft is of greater concern (51%) than PII.
IT is regarded as the culprit, with 52% of global respondents claiming IT is at fault for creating the most data leakage events, followed by business operations and production (29%) and sales (26%).
Highly regulated internal groups, including finance (12%) and legal (6%), are the most secure.
Security technology continues to operate in isolation, with 81% reporting separate policies or management consoles for cloud access security broker (CASB) and data loss prevention (DLP), resulting in delayed detection and remediation actions.
IT professionals are taking action, with almost two-thirds stating they have purchased additional DLP, CASB and endpoint detection solutions over the past 12 months. Respondents believe that 65-80% of breaches experienced would probably have been prevented if one or more of these systems had been installed.
Nigel Hawthorn, a data privacy expert at McAfee, offered the following advice:
The first step is knowing where and how data is being used, shared and stored by employees. A good starting point to achieve this visibility is auditing corporate systems and networks to gain an understanding of the potential risks. Armed with this knowledge, IT can ensure that the right policies and safeguards are in place to protect data from device to cloud, detect malicious activity and correct any threats as soon as they arise. Improving the organisational culture is key. Despite increases in cyber security awareness and training, accidental employee-driven breaches account for a significant proportion of data loss. A strong security posture requires collaboration – both between employees and cyber security systems.
In addition to repeated cyber security training for staff, IT should focus on building proactive, platform-based and integrated cyber security systems that ensure tools can communicate to identify weak spots and reduce the risk of data breaches.