WannaCry and NotPetya Had Little Impact on Security Spend
Despite the huge impact WannaCry and NotPetya had on organizations, the two ransomware campaigns earlier this year did little to affect budgets or boardroom interest in security, according to a new study.
AlienVault polled over 230 information security professionals around the world to see if anything had changed following the two major attack campaigns of May and June.
The bad news is that only 14% have had their cybersecurity budgets increased. This comes at a time when UK business spending in this area has been cut by as much as a third on last year — down from £6.2m to £3.9m, according to PwC.
“Working life has become much more difficult for many IT professionals in the wake of these attacks. But the preventative measures that many are engaged in, such as patching and security reviews, points towards a panicked reaction from management tiers,” argued security advocate Javvad Malik.
“Given the unpredictable nature of today’s security environment, organizations should focus their efforts on detection and response.”
However, overall spending on security is set to rise 8% from this year to top $96bn in 2018 as firms rush to invest in new technologies to prevent breaches and meet regulatory compliance requirements, according to new Gartner figures.
The analyst claimed that firms were indeed investing more in detection and response, especially at the endpoint, as well as automation and outsourcing.
There was more bad news from AlienVault: only 16% of IT security professionals polled said they thought their bosses have started taking a greater interest in their roles because of WannaCry and NotPetya.
What’s more, just a fifth of respondents claimed they had been able to implement changes or projects that were previously put on hold.
On the plus side, over a quarter (28%) said they think that most people in the organization listen to their IT advice more than they did before the incidents.
Source: Information Security Magazine