A Third of Infosec Pros Believe They’re under Cyber-Attack but Don’t Know Yet

If security incidents in the past few years are any indication, cybersecurity professionals face a bumpy road ahead. While some IT security chiefs are prepared to hang up their boots, many are almost certain their organization is under attack from hackers but they haven’t yet learned of it.

A Bitdefender survey of more than 6,000 infosec professionals in large organizations across the US, EMEA and APAC reveals a continued lack of budget, talent and training, leaving significant room for improvement in 2020.

57% of those surveyed said their organization experienced a breach in the past three years, while 24% had suffered a breach in the first half of 2019. Some 36% of infosec pros who haven’t suffered a cyber-attack in the past few years believe they are likely facing one right now but don’t know about it.

Our research shows no organization is impervious to a data breach, but an understanding of how cybersecurity professionals view risk reveals some clear weak spots — both on the organizational and individual levels.

Asked to name the biggest cyber threat to their organization, 36% answered “phishing/whaling.” In fact, chief information security officers consider today’s landscape a minefield riddled with cyber threats. 29% also cite Trojans as their main concern, while 28% name ransomware. Compliance risks and unpatched software are equally concerning to CISOs in the polled geographies. 24% also named DDoS attacks as a high risk for their organization.

Ransomware and DDoS attacks are notoriously dangerous for business in today’s digital economy – both threats are immensely disruptive to operations, preventing mission-critical applications from working properly and blocking revenue streams for weeks, even months.

Asked, “What would be the main consequences for your company of being unaware of a currently ongoing breach?” 43% cited business interruptions, followed by reputational costs (38%), loss of revenue (37%), loss of intellectual property (31%), legal fines and penalties (27%), and job loss for responsible IT and C-level execs (23%).

Our research also shows the number of companies falling victim to data breaches has actually decreased over the past three years. However, it’s also true that bad actors are getting better at remaining undetected. It stands to reason that IT departments are also finding it more difficult to tell when data is stolen. And there has been no shortage of security advisories in 2019 reflecting this reality, especially in the healthcare sector.

Source: https://securityboulevard.com/2020/01/a-third-of-infosec-pros-believe-theyre-under-cyber-attack-but-dont-know-yet/