Preparing for the New Year in Cybersecurity

A new FireEye survey is out this month, and it’s interesting, so I wanted to look into it and compare it to the Avertium study we covered last time.  One part that stuck out is that this study is even more optimistic about increasing cybersecurity spending.  The Avertium figure was approximately half of all respondents, while among FireEye’s participants, three-quarters (76%) have such plans in place for their cybersecurity budgets in 2020.  This response from 800 cybersecurity executives around the world is fitting, since a majority of them also expect the threat landscape to worsen in 2020.  Which it probably will.  Let’s face it, we say that year after year and it always does, so why should it be any different now?

With that in mind, other figures are not quite as encouraging.  One point on which the two studies conflict is in perception of readiness.  Compared to the 39% for Avertium, 51% of organizations responding to FireEye say they are not prepared to handle a data breach.  And among those that do have breach response plans, almost 29% have not tested their procedures in the last year, risking obsolescence and inefficiency.

About 12% identify having a response plan as the top preventative solution for their organization, which ranks it fourth on the list.

Third was employee training, which we’ve covered ad nauseam, as it only takes one person clicking on a link to compromise a whole enterprise, partners, and customers, all at once.  And yet a lack of training persists as an issue for many entities.  As we saw with Avertium, 93% of organizations do have at least one such process, but apparently the state of affairs is still suboptimal.

Meanwhile, I suppose it’s a good thing for us that the top spot was claimed by security software and vulnerability management.

Unfortunately, when large organizations face a security incident, as Threatpost explores, the attack surface is exponentially wider, cyber defenses are more complex to manage, and the ripple effects can spread out far and wide.  As a result, studies like the ones cited here are crucial to understanding where we stand on cybersecurity preparation, and how far we have to go.  Organizations will once again be planning their infosec strategies for the new year – how can yours make sure it isn’t the next splash in the pond?


By: Jonathan Weicher, post on November 13, 2019
