Many companies are sleepwalking into a cybersecurity nightmare

2 Nov 2016

Sleepwalking into a nightmare. Image: leolintang/Shutterstock

A new report shows there is certainly no confidence crisis with your average company security executive when it comes to preventing cyberattacks, despite recent worrying trends.

Despite the near-daily reports of major cyberattacks conducted on big online entities, like the recent massive DDoS attack orchestrated using poorly secured IoT devices, it seems a number of security heads think their cybersecurity systems are doing just fine.

This comes following the release of a report from Accenture titled Building Confidence: Facing the Cybersecurity Conundrum that surveyed 2,000 enterprise security practitioners representing companies with annual revenues of $1bn or more in 15 countries.

Problem with keeping pace with threats

Having been quizzed on their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments, over half (51pc) of those surveyed said that it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.

This is unsurprising as the report also found that in the past twelve months, roughly one in three targeted cyberattacks resulted in a security breach, equating to up to three attacks per month.

Despite these rather worrying findings, 75pc of security executives surveyed claim to be confident in their ability to protect their enterprises from cyberattacks.

To make matters worse, the research also found that most companies do not have effective technology in place to monitor for cyberattacks and are focused on risks and outcomes that have not kept pace with the threat.

‘There needs to be a fundamentally different approach to security’

Even when new threats emerge, like the world’s largest DDoS attack that occurred in September, the research shows that organisations will continue to pursue the same countermeasures, instead of investing in new and different security controls to mitigate threats.

Rather, 54pc of those surveyed said priority is given to maintain the company’s reputation, while only 44pc said their priority following a breach is to protect consumer data.

“There needs to be a fundamentally different approach to security protection, starting with identifying and prioritising key company assets across the entire value chain,” said Kevin Richards, managing director of security for Accenture in North America.

“It is also clear that the need for organisations to take a comprehensive end-to-end approach to digital security – one that integrates cyber defence deeply into the enterprise – has never been greater.”