Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 46% of organizations said their cybersecurity strategy rarely changes substantially, even after suffering an attack. — CyberArk, 2018
- 46% of security professionals said that their organization can't prevent attackers from breaking into internal networks each time a hack is attempted. — CyberArk, 2018
Despite an increasingly sophisticated cyber threat landscape, organizations are failing to proactively update their security defenses, according to a new report from security firm CyberArk. Some 46% of the 1,300 IT professionals and business leaders surveyed said that their organization's security strategy rarely changes substantially, even after suffering a cyberattack.
Further, 46% of security professionals said that their organization can't prevent attackers from breaking into internal networks each time a hack is attempted, the report found. And only 8% of security leaders said that their company continuously conducts penetration testing to determine where vulnerabilities may sit.
"In medium to large organizations especially, there is a need for security teams to reset expectations around where security priorities and spend should be focused," the report stated. "These findings support the dangers of inertia, with organizations not taking the initiative to make necessary changes following an attack."
Organizations are also failing to protect privileged credentials and data in the cloud, the report found. While 50% of IT professionals said their organization stores business-critical information in the cloud, 49% said they have no privileged account security for the cloud—so they are storing data in the cloud, but not taking additional steps to protect it.
In terms of protecting passwords, 36% of companies reported that administrative credentials were stored in Word or Excel documents on company PCs, 34% said they were stored on shared servers or USB drives, and 19% said they were stored on printed documents in physical filing systems.
Many organizations are also failing to adequately protect endpoints, the report found: Only 52% of IT security professionals said they keep their operating systems and patches current, and 29% employ whitelist application controls.
Professionals reported that the greatest security threats facing their organization are targeted phishing attacks (56%), insider threats (51%), and malware and ransomware (48%), so it's important for companies to remain vigilant about cybersecurity best practices.
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.