Study Reveals Businesses Are Not Ready for Increasing Cyberattacks

Businesses are seeing the value of cybersecurity and the need to spend more on cybersecurity because threats are changing at a fast rate. The challenge for companies is making sure that their defenses enable them to block the actions of cybercriminals, however, the rate at which data breaches are reported indicates a lot of companies are having difficulties keeping up.

To know how to secure their companies, IT leaders must understand how cybercriminals are breaking defenses. Then, they can decide about the security options they need to spend on that will give good ROI with regards to security.

Keeper Security lately performed a survey on 516 IT decision-makers in the United States to learn how cybersecurity is changing and where companies are purchasing cybersecurity resources. Keeper released the survey results in its U.S. Cybersecurity Census Report for 2022. The report talks about the risks that companies face and the tactics they may follow to better handle cyber threats and to stay ahead of the cyber criminals that are attacking their networks.

Businesses Making Cybersecurity a Key Priority

According to the survey, 71% of companies had new hires in cybersecurity over the last 12 months. But despite more skilled employees, businesses worry that they can’t keep pace with the quick-changing cyber threat landscape.

U.S. company experiences about 42 cyberattacks per year and IT leaders forecast that attacks will grow in the following 12 months. Most of the respondents stated they believe in their capability to protect against cyber threats and that they have the needed cybersecurity tools to guard against attacks, although a majority of surveyed companies encountered a successful cyberattack last year. IT chiefs additionally state that identifying and responding to cyberattacks now takes longer.

The Effect of Cyberattacks on Businesses

31% of companies stated they had suffered a successful cyberattack causing interrupted partner/customer operations. The same number said that attacks brought about stolen financial data. 28% mentioned that the attacks resulted in reputational damage, and the same number also mentioned stolen corporate data. About 25 % said the attacks disrupted the supply chain as well as the trading/business operations. There is a significant financial effect on businesses because of the attacks. The average cost of successful attacks to businesses is $75,000 per case. More or less 4 in 10 companies said that the cost to resolve attacks is over $100,000.

Lacking Technology to Fight Cyberattacks

Although the confidence in cybersecurity defenses was high, the survey showed the technology being employed to protect against attacks was lacking the necessary tools. About 33% of companies have no management system for IT secrets, for example, database passwords, privileged credentials, and API keys. 84% of survey respondents were worried regarding hard-coded credentials in source code, nevertheless, 25% of companies didn’t have any software program to remove them.

58% of Americans today work remotely, yet over 25% of businesses mentioned they have no remote connection management system set up allowing their remote workers to access their IT infrastructure securely.

The survey also discovered identity and access management vulnerabilities. Merely 44% of businesses stated they have employees guidelines on regulating passwords and access management. Three out of 10 companies allow their workers to set and handle their own passwords and confessed that employees often share their passwords. Just 26% of companies said they own a highly advanced framework for visibility and controling identity security.

The laissez-faire method of access management show that there’s more to do to protect businesses and their workers. The following lists the major areas of security that companies plan to spend on in the following 12 months:

  • security awareness training (54%)
  • developing a culture of compliance (50%)
  • password management (48%)
  • enhancing visibility to identify network threats (44%)
  • infrastructure secrets management (42%)
  • passwordless authentication (42%)
  • use a zero-trust and zero-knowledge strategy to security (32%)

Although it is good to see numerous companies making cybersecurity the main priority, the survey showed too little transparency regarding cyberattacks at lots of businesses. 48% of IT leaders admitted that they knew about a cyberattack but didn’t report it to the appropriate authority. This shows a need to develop a culture of trust, responsibility, and responsiveness to stop cyber criminals from thriving.