Cyber Security Teams Worry Most About Phishing & Ransomware

Nearly 90% of security professionals are most concerned about phishing and ransomware attacks. This is especially alarming, as only 48% confirm that they have continuous visibility into the risk area of phishing, web and ransomware, a report by the cyber security experts at Balbix reveals. 
 
Organisations and their IT staffs have to battle a variety of cyber threats in their quest to keep their businesses and resources safe and secure. But some threats are more pervasive and challenging than others. In their report released Balbix looks at the top threats cited in a survey of security professionals. 
 
The 2020 State of Enterprise Security Posture Report reveals that cyber security teams are struggling with a lack of visibility into threats, endpoint devices, access privileges, and other key security controls necessary for a robust cyber security posture.
 
The report is based on the results of a comprehensive online survey of IT and cyber security professionals in the US, conducted in May 2020 to identify the latest trends and concerns in the cybersecurity community.  The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organisations of varying sizes across multiple industries.
 
The findings also determined that 64% of organisations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organisations. Specifically, 46% find it hard to tell which vulnerabilities are real threats vs ones that will never be exploited. 
 
Limited visibility of the overall attack surface (37%), and the burden of being inundated with far too many alerts to act upon (25%) were found as additional significant concerns. 
 
The report shows that security professionals remain inundated with the challenge of maintaining clear observation and visibility of the changing electronic global-scape. 
 
Additional Report Findings
  • The second biggest security threat faced by organisations, after phishing web and ransomware attacks, is unpatched systems (53%); misconfigurations (47%) follows as the third main risk driver
  • 68% list unpatched systems as the top area that they have continuous visibility into, followed by identity and access management (59%) and phishing, web and ransomware (48%)
  • Only 13% of cyber security leaders feel like presentations to the board go very well and that the board understands the cyber risk posture of the enterprise
  • 60% of organisations have knowledge of fewer than 75% of the assets on their networks, with most claiming only spotty understanding of business criticality and categorisation
  • 80% of organisations provide more access privileges than are necessary for users to do their jobs, unnecessarily adding substantial risk to their organisations
  • Only 58% are capable of determining all vulnerable assets within 24 hours following news of critical exploits
To solve this challenge, enterprises must start with gaining continuous, comprehensive visibility of real risks to their organisation, including not only where they have weaknesses or vulnerabilities, but also whether those weaknesses are likely to impact them. 
 
HelpNetSecurity:        Balbix:       TechRepublic:       Dark Reading
 
You Might Also Read: 
 
Vital Necessity Of Cloud Computing Highlights Security Risks:
 
« The Effects Of GDPR On EU / US Relations
Using Artificial Intelligence In Academic Research »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

RFA

RFA

RFA is an institutional-quality IT, financial cloud and cyber-security services provider to the financial service and investment management sector.

ValidSoft

ValidSoft

ValidSoft is a security software company, providing telecommunications-based multi-factor authentication, identity and transaction verification technology.

MOXFIVE

MOXFIVE

MOXFIVE is a specialized technical advisory firm founded to bring clarity to the complexity of cyber attacks.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

Green Radar

Green Radar

Green Radar is a next generation cybersecurity company which combines technologies and services together to deliver Threat Detection for Emails and Deep Threat Analytics and Response.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

Techtron Business IT Services

Techtron Business IT Services

TECHTRON has been providing business IT services since 2004. Our focus is on SMBs and we are good at it. Our customers trust us, they love our high levels of service, and they love what we stand for.

Pacific Certifications

Pacific Certifications

Pacific Certifications provide accredited certification, training and support services to help you improve processes, performance and products and services.