Cybersecurity awareness doesn't fuel better preparation

More than half of senior security executives lack the means to face today's biggest security threats, according to the study.

  • 6 years ago Posted in
 
SolarWinds MSP has released new research on senior security executives' awareness of and readiness for increased malware and ransomware threats.

The study, commissioned with the Ponemon Institute, asked 202 senior-level security executives in the US and UK about emerging security threats. Specifically, the study addressed those propagated by the "Vault 7" leaks, and the more massive global WannaCry and Petya ransomware attacks fueled by the "EternalBlue" Shadow Brokers leak.

It revealed that while most agree attacks are increasing, they are confused about what threats pose the most risk and lack the means to defend against them.

Most respondents did not think their organization had the budget or technology to deal with cybersecurity threats.

  • Just 45% said that they had the technology to prevent, detect, and contain cybersecurity threats, while only 47% felt that they had enough budget to cope.
  • The survey found that while a majority (69%) of respondents had a high awareness of both WannaCry and Petya threats, they were far less aware of the potential of Vault 7 threats, with the highest level of awareness at 30%.

The number of attacks that businesses had detected was potentially even more worrying than the confusion over risk.

  • A majority (54%) of security executives admitted that their business had experienced an attack in the last year. Of those, almost half (47%) had been unable to prevent the attack.
  • The result of these successful cyberattacks included the theft of data assets (52%), the disruption to business process (47%), and IT downtime (41%).

The survey also revealed that businesses do not feel prepared to prevent attacks:

  • 29% said that they would be unable to prevent a Petya attack and 28% would be unable to prevent a WannaCry attack.
  • Businesses are even less prepared for Vault 7 exploit attacks, with only 9% ready to prevent exploits of Vault 7 threats like Dark Matter or After Midnight.

Another key finding was the lack of remediation:

  • 44% of respondents who were aware of the WannaCry patch didn't implement it.
  • 55% didn't patch for Petya.

"The lack of knowledge among senior-level security executives is worrying-they know that attacks are on the increase, but many don't know what they are and seem unable to effectively prevent them," said Larry Ponemon, Founder, Ponemon Institute. "Better use needs to be made of the resources available, such as US CERT alerts, and the service providers that most businesses are using to outsource protection. Those providers also need to step up and provide education on where most attacks are coming from and how they can be prevented."

"There is a role for managed service providers (MSPs) to play based on this research, by supporting companies as they navigate the ever-evolving security threats businesses face," said Tim Brown, VP of security architecture, SolarWinds MSP. "It's a bit like the wild west now, as we saw from the widespread fallout from WannaCry and Petya, and may still see from Vault 7 if those leaks are more widely exploited.  Indeed, we have no crystal ball to know what threats lie on the horizon. Businesses need help with everything from awareness to technology to specialized staff. This study supports a view that MSPs have a unique opportunity to expand their security offerings to meet this need by filling gaps that can't be easily filled in house."

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...