First, here’s the good news: Organizations today are in the midst of digital transformations and an acceleration of their online presence that is enriching their products, deepening customer relationships, and boosting the companies’ brands.
The bad news is that cyber adversaries are also capitalizing on this transformation, leveraging the digital ecosystem and exploiting user trust to steal data, bring down systems, and otherwise wreak havoc on organizations.
These are among the key observations of a recent report by research firm IDG Connect for RiskIQ. The study, “2017 State of Enterprise Digital Defense Report,” is based on a survey of 465 IT security decision makers in organizations with more than 1,000 employees in the U.S. and U.K., and quantifies a growing “security management gap” and the business impact of external Web, social, and mobile threats.
In general, the survey revealed a “bleak outlook” of organizations’ digital defense posture, with many cyber security practitioners overwhelmed by the scale and tenacity of threats and lacking confidence in their processes, systems, and tools, the report said.
While the results “were both eye-opening and disturbing, the survey findings and insights should empower corporate leadership and IT security professionals to examine how their organizations are protecting their businesses, customers, and brands, and fortifying digital transformation,” said Martin Veitch, editorial director at IDG Connect.
The survey found that digital transformation and the external threat landscape have outpaced enterprise security capacity. Some 40% of organizations had experienced five or more significant security incidents within the past 12 months. Among the most cited external threats were malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps, and social impersonation.
A majority of respondents (68%) expressed zero to modest confidence in their organization’s ability to manage digital threats, 70% had zero to modest confidence in their ability to reduce their digital attack surface, and 69% cited zero to modest confidence in their ability to mitigate or prevent external digital threats.
Most of those surveyed are aware that some of their digital security measures are immature or ineffective, with only 31% expressing high confidence in the likelihood that their organizations can mitigate or prevent digital threats.
More than half of survey respondents expect their near-term digital defense investment to increase by 15% to 25%. Correspondingly, nearly half of respondents view cyber threat intelligence as very important, and all of the respondents saw cyber threat intelligence tools as being very important or somewhat important—particularly in fortifying research and in reducing time to respond to external threats.
When asked about the value they have gained by integrating digital threat intelligence and management tools with other security control tools, respondents regarded firewalls, security event management and logging, risk assessment, systems management, and orchestration as benefiting the most.
Other key highlights of the research were that big brands in banking, retail, and consumer goods had the highest prevalence of attacks; digital threat management appears more progressive among organizations in financial services, manufacturing, and consumer goods, as expressed by overall expenditure; larger companies felt that they were better able to update control systems and collaborate across departments, perhaps showing the benefits of scale; and smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about.
Across all industries, companies have deployed an average of 35 cyber security tools to stop Web, social, and mobile threats, and 14% of the organizations said they will increase security tool and service expenditures by more than 25%. Organizations outsource one-third of their digital threat management tasks to managed security service providers, the report said, and outsourcing will grow by nearly 13% over the next two years.
As the report concludes, the digital transformation underway brings a certainty that adversaries will attempt to capitalize on the new level of connectivity, and exploit organizations’ digital presence. While internal threats should not be ignored, the more significant risk comes from outside, through phishing, malware, domain infringement, ransomware, malicious mobile apps, and other security issues.
As illustrated by their own self-assessments that show a lack of confidence in their ability to prevent breaches, organizations have lots of work to do to improve their security posture and address these threats. Fortunately, many enterprises are aware of the threats and the need to improve their defenses. By doing that, they can more fully realize the business benefits of digital transformation.