© 2019 SourceMedia. All rights reserved.

More firms fear a data breach, lack strategy to respond

The number of businesses that acknowledge a security breach will most likely happen to them at some point is on the rise, and many remain unsure about the most effective strategy to stop attacks, according to research from security vendor Kaspersky Lab.

As part of the study, the company surveyed 5,274 global IT and business decision makers in April 2017, and found that a majority of organizations (57 percent) realize a security breach will happen to them at some point. That compares with 51 percent the year before.

breached bank.jpg
Data cables connect to a computer server unit inside a communications room at an office in London, U.K., on Monday, May 15, 2017. Governments and companies around the world began to gain the upper hand against the first wave of an unrivaled globalcyberattack, even as the assault was poised to continue claiming victims this week.Photographer: Chris Ratcliffe/Bloomberg

Many of the organizations (42 percent) remain unsure of the most effective strategy to combat threats such as targeted attacks. Perhaps of greater concern, the study showed that uncertainty is significantly higher (63 percent) among respondents who are IT security experts and should therefore be more familiar with the issue, the report said.

The study shows that targeted attacks have become one of the fastest growing threats in 2017, increasing in overall prevalence by 11 percent for large enterprises. In addition, two-thirds of respondents agreed that threats are becoming more complex and for more than half (52 percent) it’s becoming difficult to tell the difference between generic and complex attacks.

Surprisingly, a majority of companies (77 percent) think they spend enough, or even overspend, on protection against targeted attacks. This might be due to how threat protection is perceived, the report said. Threats are sometimes seen as a technical problem to be solved through buying and deploying more advanced cyber security products. A more balanced approach to incident response includes investing not only in the right technologies, but also in people with specific skill sets and in the right processes the study notes.

For reprint and licensing requests for this article, click here.