US, UK companies reported an average of five significant security incidents in the past year, survey shows


Four in ten companies in the US and the UK experienced five or more significant security incidents in the past year, according to a recent survey conducted by IDG. The most cited external threats were malware, ransomware, and browser lockers (44%), phishing email, web or social (42%), domain infringement or DNS exposure/direct (42%), scams and disingenuous ads (40%), mobile app exposures and unknown or unauthorized rogue company mobile apps (37%), and brand abuse and defacement (35%).

Almost all respondents (99.4%) plan to increase their investments in digital threat management tools and services; the majority expect to increase spend by 15-25% or higher over the next 12 to 18 months.


According to survey respondents, 70% have no to modest confidence in their organization’s ability to identify, monitor and defend the components comprising their digital attack surface. Yet these assets are the ones most visible to threat actors and, if vulnerable, the most likely to be exploited, inflicting damage on brand, customer trust, and reputation.

Ransomware attacks, which force victims to pay to decrypt data or systems, appear to have become more aggressive, and attackers have expanded their targets. The 2017 WannaCry and NotPetya cases show the potential of ransomware to wreak havoc in healthcare and other state infrastructure, respondents say. Targeted attacks aimed at specific organizations are ranked as 'high impact', while theft of credentials and intellectual property can clearly have a huge effect on organizations, the report shows.

"IP theft is tough to come back from as assets can quickly be shared on the dark web or even the public internet, leaving a company’s value, brand investment, unique selling points, and perhaps many years of research and development exposed," according to the study.


“Generally, considering the growth in CSO/CISO appointments, rising awareness of the seriousness of security threats, new and incoming privacy governance rules such as GDPR, the increase in state-sponsored cyberattacks and prevailing high-profile media stories on affected organizations, the overall finding towards digital defense maturity is low,” authors of the report noted.

The survey polled over 450 senior IT security decision makers based in the US and the UK working in organizations with 1000+ employees across multiple industries. 
