Despite Successful Attacks, Orgs Aren't Upping Security Budgets
Despite significant concerns over both new threats (ransomware, specifically) and age-old, persistent ones (users unknowingly triggering attacks), for the majority of organizations, next year’s security plan essentially boils down to more of the same.
That’s according to Barkly’s Cyber Attack Statistics 2016 report, which found that when asked what adjustments they were planning on making to their security stack to better protect themselves from cyberattacks in 2017, nearly two-thirds of IT pros reported no changes were planned.
Only a slightly larger percentage of attack victims indicated they were making changes and improvements next year (31% compared to 23% of respondents, overall).
Even fewer organizations have plans to change or augment their antivirus solution: That's in spite of additional responses indicating antivirus performance was clearly a mixed bag. Of the organizations that acknowledged experiencing attacks, more than half reported their antivirus had been bypassed by one or more of them.
Meanwhile, the report shows that one third of the IT pros surveyed reported that their security had been bypassed by a cyberattack in 2016. Nearly six out of 10 respondents reported being aware that their organization was the target of one or multiple cyberattacks during 2016. And for more than half of the IT pros who reported experiencing attacks, the security they had in place unfortunately wasn’t enough to stop all of them. About 54% of those who were targeted suffered one or more successful attacks.
The numbers are even worse for organizations that were targets of ransomware attacks (57% of organizations that experienced attacks, overall): 71% of organizations targeted with ransomware attacks were infected.
“To recap, the majority of organizations out there are getting attacked,” said Barkly blogger Jonathan Crowe. “More than half of those organizations are getting infected. The protection they have in place is getting bypassed. Yet the majority aren't making any adjustments to change that.”
For some, the simple answer might be that they can't—they don't have the budget or support. Nearly 60% of the IT pros surveyed expect their 2017 IT security budget to decrease or stay the same. Only a third are planning to have more budget to work with.
Photo © Den Rise
Source: Information Security Magazine