Nearly Half of IT Decision Makers Expect Major Cyber Attack In The Next 12 Months

Herbstlaub-virus-screenshot

Nearly half of IT decision makers expect a major, disruptive cyber attack in the next 12 months according to a security survey released today by Varonis. Varonis, a provider of cybersecurity software, surveyed 500 IT decision makers in the UK, Germany, France and the U.S.

According to the findings, 89 percent of security professionals are confident that they have sufficiently protected their organizations from cyber adversaries, but they aren’t ruling out attack. The top security concerns listed in the survey were data theft and data loss.

Despite broad confidence in security infrastructures, the survey data shows that attackers are making it through. 25 percent of respondents reported their organization was hit by ransomware in the past two years. 26 percent also reported their organization experienced the loss or theft of company data in the past two years.

Many enterprises changed their security infrastructure in response to big structural attacks like WannaCry, but adversaries have also increased the sophistication of their attacks in response. “It is encouraging that IT professionals are understanding that it’s a matter of when, not if, their organization will be hit with a damaging cyberattack. However, their level of confidence when it comes to security is inconsistent with what we see in practice,” said John Carlin, former Assistant Attorney General for the U.S. Department of Justice’s National Security Division and currently chair of Morrison & Foerster’s global risk & crisis management practice. “The reality is that businesses are consistently failing to restrict access to sensitive information and are regularly experiencing issues such as data loss, data theft and extortion in the form of ransomware.”

As CivSource reported last week, certain security approaches like microsegmentation, which are designed to protect information at the packet level have grown in popularity in response to the sophistication of cyber adversaries. But, security practices and policy remain largely uneven across enterprises and governments.

According to the Varonis survey, Only 66 percent of U.S. organizations and 51 percent of EU-based organizations surveyed fully restrict access to sensitive information on a “need-to-know” basis. Organizations in Germany are the least likely to restrict access (38 percent).

The full survey is available here.