Group, a premier research and marketing firm serving the security
industry's top vendors, today announced immediate availability of its
fourth-annual Cyberthreat Defense Report. New this year, the report
found that 61 percent of responding organizations were compromised by
ransomware in 2016, while the percentage of organizations affected by
successful cyberattacks reaches an all-time high. Further, one in five
respondents indicated dissatisfaction with Microsoft's available
protections for securing Office 365 deployments, opening the door for
third-party security solutions.
1,100 IT security decision makers and practitioners participating from
15 countries, six continents, and 19 industries, the CyberEdge's
Cyberthreat Defense Report is the most comprehensive study of security
professionals' perceptions in the industry. This study provides a
360-degree view of organizations' security threats, current defenses,
and planned investments. Consistent with findings in CyberEdge's prior
three annual reports, the 2017 report finds that network breaches are
rising, under-trained employees pose the greatest security risk, and
malware is more troubling than ever.
2017 Cyberthreat Defense Report yielded dozens of insights into the
challenges faced by IT security professionals today. Key findings
- Held hostage by ransomware. 61
percent of respondents indicated that their organization was victimized
by ransomware last year. Of those affected, 33 percent paid the ransom
and recovered their data, 54 percent refused to pay but successfully
recovered their data anyway, and 13 percent refused to pay and
subsequently lost their data.
- Microsoft leaving the door open? One
in five respondents is not satisfied with the protections Microsoft
provides to secure Office 365 environments, leaving the door open for
third-party security solutions.
- Rising attacks are the new norm. The
percentage of organizations affected by successful cyberattacks has
risen for the third-consecutive year - from 62 percent in 2014, to 70
percent in 2015, to 76 percent in 2016, and now to 79 percent in 2017.
Today, three in five believe a successful cyberattack in the coming year
is more likely than not.
- Now hiring. An
astounding nine out of 10 respondents indicated their organization is
suffering from the global shortage of skilled IT security personnel. 51
percent of respondents are leveraging external vendors and contractors
to fill the void.
- Cyber insurance reaches critical mass. Three-quarters
of respondents rate their organization's level of cyber insurance
investment as adequate. Less than nine percent of respondents expressed
concern over insufficient coverage.
- Network deception technology excites. Of
16 network security technologies depicted in the survey, honeypots /
network deception technology (41 percent) is the one most sought after
in the coming year, followed by next-generation firewalls (39 percent)
and user and entity behavior analytics (38 percent).
- Database and web application firewalls reign supreme. When
asked which of 11 application and data-centric security technologies
are currently deployed by their organizations, respondents ranked
database firewalls and web application firewalls (WAFs) highest, each
with a 65 percent adoption rate.
- Underinvesting in the human firewall. When
respondents were asked what's inhibiting them from securing their
employers' networks, "low security awareness among employees" was the
top response for the fourth-consecutive year, followed by "lack of
skilled personnel" and "too much data to analyze."
the definition of insanity is doing the same thing repeatedly and
expecting a different result, then perhaps, as an industry, we're going
insane," said Steve Piper, CEO of CyberEdge Group. "Each year, we invest
more in security, yet frequency and severity of data breaches rise. But
why? I believe I can offer two partial explanations, inspired by this
year's Cyberthreat Defense Report. First, for the fourth-consecutive
year, respondents indicate that ‘low security awareness among employees'
is the greatest inhibitor. OK, then invest more in training! And
second, we consistently hear that most data breaches stem from
exploiting old vulnerabilities. OK, then get patching! Investing in
best-of-breed security defenses is always prudent, but to stop the
bleeding, we've got to invest more in our human firewalls and reducing
our network attack surfaces."
findings of CyberEdge's latest Cyberthreat Defense Report are
consistent with what we're seeing in the industry," said Mike Rothman,
president of Securosis. "There are more attacks, more sophisticated
malware, and more complexity ahead relative to skyrocketing cloud usage,
all making it more challenging to execute on a security program. This
difficulty is compounded by the global security skills shortage and the
ongoing inability for most employees to not click on links that
compromise their devices. On the positive front, budgets continue to
increase and security initiatives are very high profile, consistently
getting board room visibility. So all in all, it's the best of times and
the worst of times for security folks."Report Available Now
The 2017 Cyberthreat Defense Report is available now through each of the above sponsors and by connecting to the CyberEdge Group website at http://www.cyber-edge.com/cdr.