Survey highlights disconnect between security expectations and reality
A new survey of IT decision makers shows that 89 percent are confident their organizations are in a good position to protect themselves from attacks, but four out of 10 are not taking steps to lock down information, putting themselves at risk of data loss.
The study from security software company Varonis polled 500 IT decision makers in the UK, Germany, France and the US. Fifty-four percent of respondents believe their company will face a major attack in the next year.
Data theft and data loss are seen as the top concerns, with 26 percent reporting that their organizations have suffered loss or theft of data in the last two years. Eighty-five percent have changed or plan to change their policies and procedures in the wake of recent large scale attacks like WannaCry.
However, only 66 percent of US organizations and 51 percent of EU-based organizations surveyed fully restrict access to sensitive information on a "need-to-know" basis. Organizations in Germany are the least likely to restrict access (38 percent).
A majority (67 percent) of respondents report that their organizations have cybersecurity insurance policies. These are least prevalent in the US (62 percent) and most common in France (75 percent).
"Attackers are upping their game, using more sophisticated, blended attacks like WannaCry and NotPetya that make use of multiple attack vectors," says Varonis' CMO David Gibson. "At the same time, valuable data remains vulnerable to attacks that require little to no sophistication, like disgruntled employees snooping through overly accessible folders. While it's heartening that major security incidents are inspiring preparedness, if the past year is any indication, it is unlikely the actual security of these organizations aligns with perception."
You can read more about the findings in the full report which is available from the Varonis website and there’s an overview in the infographic below.
Image credit: Wavebreakmedia / depositphotos.com