Less than half of businesses are fully confident that they would know if a breach had happened or how according to Balabit’s global research report
New York, 22 March, 2018 – Nearly four in five companies (79%) were hit by a breach in the last year, according to new research from Balabit, a leading provider of Privileged Access Management and Log Management solutions. The report, titled Known Unknowns of Cyber Security, also revealed that seven out of ten (68%) businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months.
The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security concerns, their experience with IT security breaches, their understanding of how and when breaches occur, and the strategies they’re using to combat hackers.
Knowing your environment
The majority of businesses know very little about the nature of the security breaches that take place within their organisations. Whilst a high percentage of companies have experienced a breach, less than half of respondents (48%) feel fully confident that they would know if a breach had even happened, meaning that more could have taken place without their knowledge. Furthermore, only 42% of respondents feel very confident about what data was accessed during a breach, and a mere 39% were fully confident that they could identify the source of a breach.
Privileged users, who are granted the most access within an organisation, are vulnerable to attack and can open the door to insider threats, leading to internal tension around the development of cohesive security strategies. With half of all security breaches being employee-related, 69% of senior IT professionals agree that an insider data breach is the biggest threat they are facing in network security.
“Attacks are becoming more and more sophisticated and every organisation is at risk,” said Csaba Krasznay, security evangelist, Balabit. “Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”
“What’s really alarming, though, is that the majority of businesses know very little about the nature of the security breaches that are happening to them. Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough,” Krasznay continued.
Turning the security unknowns into knowns
The research showed that 80% of respondents agree that educating employees is key to securing the network. The truth is, however, that businesses must aim for a balance between technology and employee education in order to tackle the insider threat, no matter if it is a malicious or accidental threat.
While 83% of businesses agree that technology is effective in preventing breaches, 73% think technology struggles to keep up with security threats. It’s no surprise that there still isn’t a cohesive response to the on-going threat of cybercrime.
The research demonstrates that more often than not when the threat is unpredictable and already exists within a business, it is essential to create comprehensive security strategies. This should incorporate a balance of both employee education and appropriate security technology. This way, organisations can ensure they understand their environments and are prepared to tackle ever-evolving security threats.
The Balabit Unknown Network Survey was undertaken on behalf of Balabit by independent market research company Loudhouse to examine the changing attitudes towards security in business in October/November 2017. This research explores businesses’ concerns over IT security and their experience of IT security breaches, with a particular focus on privileged accounts and the insider threat.
The research was run among 400 senior IT people with responsibility or visibility for network security.
Balabit, a One Identity Business, is a leading provider of Privileged Access Management (PAM) and Log Management solutions that help businesses reduce the risk of data breaches associated with privileged accounts.
Balabit’s integrated PAM solution protects organizations in real-time from threats posed by the misuse of high risk and privileged accounts. Solutions include Privileged Session Manager and Privileged Account Analytics, which together help organizations prevent, detect, and respond to cyber attacks involving privileged accounts, including both insider threats and external attacks using hi-jacked credentials. Working in conjunction with existing security tools, Balabit Privileged Access Management enables a flexible and people-centric approach to improving security without adding additional constraints to working practices.
Founded in 2000, Balabit has a proven track record, with 25 Fortune 100 customers and more than 1,000,000 corporate users worldwide. The company operates globally with offices across the United States and Europe, together with network of reseller partners.