Earlier this week, I wrote about the disconnect that many IT professionals have between the poor performance of their security detection systems and the likelihood of being the target of an attack.
A new study released yesterday may force them to rethink their attitude about cyberattacks. According to the IID and Ponemon Institute survey, 47 percent of organizations, both in the private and public sector, were breached in the past two years. That’s up from 43 percent in a similar study conducted last fall.
And these numbers are low, depending on the type of industry you are in, or the size of the company. Health care, for instance, is a prime target for attackers, with 81 percent of companies within the industry suffering a breach. And the bigger the company, the greater the risk, as SC Magazine pointed out:
… 90 percent of large companies have suffered a data breach over the last year, compared to 81 percent last year. Small medium enterprise (SMEs) were also at risk, with 74 percent reporting breaches compared to 60 percent a year ago.
Clearly, the chances of any organization suffering a cyberattack are growing. It seems almost foolish to think that you won’t be a target at some point. But do you really need to be a victim? According to eSecurity Planet, perhaps not:
The survey . . . also found that 65 percent of respondents said they believed threat intelligence could have prevented or minimized the impact of that breach.
Three-quarters of the respondents stated that the exchange of threat intelligence will play a major role in improving an organization’s security position which, of course, is one of the goals of the new Cybersecurity Information Sharing Act.
Here are a few takeaways from these different studies.
First, cyberattacks are going to happen and they are going to happen to your business at some point. Second, threats aren’t happening in a vacuum. It is clear that preparedness happens in multiple forms, beginning with the right tools and systems in-house and continuing into information sharing and cooperation.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba