infoTECH Feature

September 13, 2016

Companies Have a False Sense of Cyber Security

It's one of the great classic films of our time, “Monty Python and the Holy Grail.” In it, a character known as the Black Knight takes repeated blows from King Arthur's sword, only to protest that the dismembering blows taken are merely “flesh wounds,” even to the point where the Black Knight is a torso on the ground. Companies in a recent Juniper Research (News - Alert) report are behaving similarly to that oblivious knight, as defined by recent numbers about the state of their cyber security.

Eighty-six percent of respondents believe that everything that can be done to reduce the impact of attacks is being done, but over half have suffered a data breach, and even know that to be the case. Despite this, 27 percent of small and medium-sized enterprises feel secure when it comes to cyber threats, believing themselves to be “too small” to bother with.

What's more, companies are increasingly moving infrastructure components to cloud-based systems, and that's increasing the amount of material that's found somewhere online, making it a much richer target for hackers. Thirty-three percent actually believe it's sufficient to have just the IT department responsible for taking on security threats, with a large proportion believing that IT should be connected with the security department.

On the plus side, over 75 percent of businesses have a board involved in considering issues of cyber security, and 87 percent of businesses had a continuity plan in place. Even these positives, however, were mitigated by bad news: just 25 percent of businesses had a dedicated executive position for security, and under half of businesses had secure practice guidelines for employees to follow. Moreover, though many companies had some kind of guidelines in place, the guidelines are only haphazardly applied and seldom enforced. Perhaps worst of all, 18 percent of respondents wouldn't actually notify someone about a data breach in progress until the next working day “if they did not consider it a big problem.”

There's some good news in this survey. Plenty of places are doing things at least somewhat right, and that's always something to take comfort in. By like token, it's also quite clear that there's a lot that needs to be improved upon in order to get anywhere here, and the sooner businesses get these improvements in place, the better off we'll all be as a result. We cannot allow complacency to get the better of us, not when it comes to something as important as cyber security; the entire business needs to be involved, and there must be clear rules, clear leadership, and clear outcomes to establishing cyber security.

Cyber security is everyone's job, to put it plainly, and the sooner we can establish that point, the more likely we'll be to fend off the next big data breach. We can't handwave conditions for a data breach as mere electronic flesh wounds, or soon, we'll be without a leg to stand on.




Edited by Alicia Young
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers