The volume and the viciousness of cyberattacks continue to grow, at a time when many companies aren’t in a position to afford the costs associated with shoring up their defences.
However, new research suggests that companies can’t afford to avoid investment in cybersecurity solutions.
Recovery costs from a successful cyberattack topped $531,000 over the past year, according to 1,000 UK and US senior security leaders and IT professionals in government, defence, and other regulated industries surveyed by cybersecurity company Everfox for its CYBER360 report.
On average, leaders at the companies reported 127 cyberattack attempts per week, most commonly coming in the form of the exploiting of vulnerabilities, phishing attacks, and compromised credentials.
Companies are in a position to share that data thanks to detection technology, but 71% of respondents said that detection technology is too little, too late. More than three-quarters (78%) believe that a shift to prevention technologies is of utmost importance, yet 36% reported that stretched security budgets make it difficult to invest in new technologies.
“The detect-and-respond cycle may feel like the norm, but norms are only habits we have yet to challenge. True security comes when prevention becomes the standard,” Shaun Bierweiler, chief revenue officer for Everfox, said in the report. “By challenging these norms, we empower ourselves to create a more secure future.”
Among the report’s highlights is that while building walls of protection is paramount in the field of financial services, the cybersecurity battle often begins within a company’s walls.
Two-thirds of security professionals in financial services admitted to struggling to strike the right balance between information protection and information sharing. Meanwhile, one-third cited as a top cybersecurity challenge the risk of an employee, contractor, or other trusted individual exploiting their authorised access to do harm — compared with 27% across all surveyed industries reporting the same.
“In our current mission and business environments, data must be shared with colleagues, customers, and partners. Investment in ensuring that data is shared securely between networks is paramount to successful mission execution,” said Marianne Bailey, who served as deputy national manager for National Security Systems and as a senior cybersecurity executive for the National Security Agency within the US Department of Defense. “Secure sharing means that only allowable data is shared with approved environments and that sharing doesn’t provide an avenue for allowing malicious activity to traverse network boundaries. Implementing robust data transfer and data access solutions is now a necessity to do business in today’s contested digital world.”
— To comment on this article or to suggest an idea for another article, contact Bryan Strickland at Bryan.Strickland@aicpa-cima.com.
