Cyber Security Teams Worry Most About Phishing & Ransomware

Nearly 90% of security professionals are most concerned about phishing and ransomware attacks. This is especially alarming, as only 48% confirm that they have continuous visibility into the risk area of phishing, web and ransomware, a report by the cyber security experts at Balbix reveals. 
 
Organisations and their IT staffs have to battle a variety of cyber threats in their quest to keep their businesses and resources safe and secure. But some threats are more pervasive and challenging than others. In their report released Balbix looks at the top threats cited in a survey of security professionals. 
 
The 2020 State of Enterprise Security Posture Report reveals that cyber security teams are struggling with a lack of visibility into threats, endpoint devices, access privileges, and other key security controls necessary for a robust cyber security posture.
 
The report is based on the results of a comprehensive online survey of IT and cyber security professionals in the US, conducted in May 2020 to identify the latest trends and concerns in the cybersecurity community.  The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organisations of varying sizes across multiple industries.
 
The findings also determined that 64% of organisations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organisations. Specifically, 46% find it hard to tell which vulnerabilities are real threats vs ones that will never be exploited. 
 
Limited visibility of the overall attack surface (37%), and the burden of being inundated with far too many alerts to act upon (25%) were found as additional significant concerns. 
 
The report shows that security professionals remain inundated with the challenge of maintaining clear observation and visibility of the changing electronic global-scape. 
 
Additional Report Findings
  • The second biggest security threat faced by organisations, after phishing web and ransomware attacks, is unpatched systems (53%); misconfigurations (47%) follows as the third main risk driver
  • 68% list unpatched systems as the top area that they have continuous visibility into, followed by identity and access management (59%) and phishing, web and ransomware (48%)
  • Only 13% of cyber security leaders feel like presentations to the board go very well and that the board understands the cyber risk posture of the enterprise
  • 60% of organisations have knowledge of fewer than 75% of the assets on their networks, with most claiming only spotty understanding of business criticality and categorisation
  • 80% of organisations provide more access privileges than are necessary for users to do their jobs, unnecessarily adding substantial risk to their organisations
  • Only 58% are capable of determining all vulnerable assets within 24 hours following news of critical exploits
To solve this challenge, enterprises must start with gaining continuous, comprehensive visibility of real risks to their organisation, including not only where they have weaknesses or vulnerabilities, but also whether those weaknesses are likely to impact them. 
 
HelpNetSecurity:        Balbix:       TechRepublic:       Dark Reading
 
You Might Also Read: 
 
Vital Necessity Of Cloud Computing Highlights Security Risks:
 
« The Effects Of GDPR On EU / US Relations
Using Artificial Intelligence In Academic Research »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Plan B

Plan B

Plan B is a specialist IT continuity and Disaster Recovery Service provider.

SureCloud

SureCloud

SureCloud is a Governance, Risk and Compliance (GRC) and Cybersecurity Solutions provider.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Total Defense

Total Defense

Total Defense solutions include anti-malware, anti-virus, intrusion prevention & mobile security.

Trustaira

Trustaira

Trustaira provides end-to-end advisory, protection and monitoring services and solutions are focused to protect our clients’ information, IT infrastructure, networks, applications and databases.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

Rippleshot

Rippleshot

Rippleshot is a fraud analytics firm that detects mass card compromises faster, allowing issuers to execute more proactive fraud detection strategies.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Speedinvest

Speedinvest

Speedinvest is one of Europe’s most active early-stage investors with a focus on Deep Tech, Fintech, Industrial Tech, Network Effects, and Digital Health.

Jitsuin

Jitsuin

Jitsuin enables developers with tools and services to build verifiable digital trust between organizations.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.