61% of IT pros have experienced a serious data breach

Cybercriminals continue to target intellectual property, putting companies at risk for financial and brand reputation hits, according to McAfee.

What to include in an enterprise cybersecurity plan

Despite improvements in cybersecurity efforts, IT security professionals still struggle to protect their organizations from breaches, according to a Tuesday report from McAfee. Some 61% of IT security pros said they have experienced a serious data breach at their current employer. These breaches are becoming a more serious issue, as hackers increasingly target intellectual property, putting a company's reputation and finances at risk, the report noted.

Cybercriminals are using a wider variety of methods to steal corporate data, the report found. The top vectors used to do this today are database leaks (38%), network traffic (37%), file shares (36%), and corporate email (36%).

SEE: You've been breached: Eight steps to take within the next 48 hours (free PDF) (TechRepublic)

When a breach does occur, IT teams are often blamed, as 52% of respondents said IT was at fault for creating the most data leakage events, the report found. However, a rift exists in terms of cybersecurity accountability: 55% of IT professionals said they believed that C-level executives should lose their jobs if a breach is serious enough, yet 61% also said that C-level executives they work with expect more lenient security policies for themselves, the report found. This disparity in expectations results in more breaches 65% of the time, IT professionals reported.

"Threats have evolved and will continue to become even more sophisticated," Candace Worley, vice president and chief technical strategist at McAfee, said in a press release. "Organizations need to augment security measures by implementing a culture of security and emphasizing that all employees are part of an organization's security posture, not just the IT team. To stay ahead of threats, it is critical companies provide a holistic approach to improving security process by not only utilizing an integrated security solution but also practicing good security hygiene."

A strong cybersecurity strategy that can reduce the risk of a breach must include a combination of software solutions, employee training, and a security-focused culture, according to the report.

For more on how to create a cybersecurity strategy, check out TechRepublic's Special report: A winning strategy for cybersecurity.

Also see

Image: iStockphoto/NicoElNino