A recent VIPRE Security survey of 250 IT managers at U.S. firms with 50 to 1,500 employees found that 66 percent of respondents said a cyber attack would cause their business to shut down either temporarily (44 percent) or permanently (22 percent).
Still, 55 percent of respondents don't have a documented incident response plan.
Fifty-five percent of respondents rely on manual processes to respond to an attack, and just 41 percent have access to an online security dashboard.
Just two percent of respondents apply software patches more than once a week. Twenty-four percent apply patches weekly, another 24 percent do so every two to three weeks, and another 25 percent apply patches on a monthly basis.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Forty percent of respondents conduct cyber security training monthly, and 39 percent do so quarterly. Only one percent of respondents don't do it at all, and another 18 percent conduct user security training annually.
A separate VIPRE survey of 250 U.S.-based managed service providers (MSPs) found that 62 percent said a cyber attack that compromised their clients' systems and data would force a shutdown of their business, either for a day (44 percent) or permanently (18 percent).
Still, 41 percent of MSPs apply software patches at least weekly, 74 percent have a documented incident response plan, and 56 percent use an online security dashboard.
In response to the study's findings, VIPRE offered the following five suggestions to IT managers:
- Develop and implement a strategy to apply patches as quickly as possible when issued
- Make the case to management to invest in security platforms with anytime/anywhere access for quick response to attacks
- Percent management to invest in security tools with easy-to-use Web-based dashboards, automation and rapid report compilation
- Develop, document and ipmlement an incident response plan
- Consider outsourcing security to an MSP specializing in data and network protection
Expecting a Breach
A separate SailPoint survey of 600 senior IT decision makers found that 71 percent of respondents believe their organization's data would be less exposed if they were better equipped to manage it -- three in five respondents expect to be breached in 2017, and a third don't even expect to know when it happens.
Just 33 percent of respondents would be able to produce a company-wide report within 24 hours on who has access to what resources and what can be done with that access.
And while seven out of 10 organizations have embraced BYOD, less than half have formal policies in place for BYOD and corporate data.
Seventy-two percent of respondents are concerned about shadow IT and BYOD as exposure points, and three in 10 say their users simply aren't following the security guidelines put in place by their organization.
Similarly, six in 10 respondents are concerned about the threat that third party vendors pose to their organization, but 86 percent say they only have partial visibility into the access those vendors have to their corporate systems and sensitive data.