Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, has revealed additional findings from its Global Enterprise Security Survey.
According to the research, 63% of IT decision makers (ITDMs) at organisations with 250 or more employees around the world are confident in their cybersecurity posture, despite 89% of organisations being breached in the past two years.
In addition, 66% believe they are doing better than their peers with regard to cybersecurity, while only 9% believe they are lagging behind. The research is a reminder of the importance of employing cybersecurity best practices and fundamentals as well as the urgency to avoid complacency in defending against cyberattacks.
“ITDMs continue to prioritise the maintenance and upgrade of their cybersecurity solutions in an attempt to combat today’s cybersecurity adversaries,” said Alain Penel, Regional Vice President – Middle East at Fortinet.
“Although important, other security best practices within their broader cyber and technology strategy are still missed opportunities. In particular, the urgency to prioritise security hygiene, educate with broader awareness, or implement security approaches that leverage automation, integration, and strategic segmentation, is critical to defend against the highly damaging Internet attacks possible in our near future.”
Respondents reveal that 24% of breaches experienced in the last two years were the result of social engineering, ransomware and email phishing. In 2018, 74% of businesses are planning programmes to educate employees in IT security, reflecting a growing awareness that breaches are caused by carelessness and ignorance as much as malice.
Another top concern for organisations is protecting access to the network. 38% of ITDMs feel confident that they have full visibility and control of all devices with network access. 42% of ITDMs feel confident that they have full visibility of the access level of all third parties who frequently have access to networks, and 48% of ITDMs feel confident that they have full visibility and control of all employees.
This lack of confidence in network visibility suggests that this is an area that should be treated as a top concern for organisations. Yet, basic security measures like network segmentation are only being planned by 29% of businesses in 2018. Without network segmentation, malware entering a network will often be left to spread.
When asked about what they would have done differently over their career in security, 53% of ITDMs wish they had invested more in employee security awareness training to prevent a security breach. Educating users can lessen the chance that they fall victim to an intrusion attempt that targets one of the weakest links in the cybersecurity chain: employees themselves.
In 76% of breach incidents, in the first instance the board blames the IT department – either a specific individual (31%) or the department as a whole (45%). Employees outside the IT department get blamed in 40% of breach incidents, even though they’re often recognised as the weakest link.
The IT department can no longer be the only one responsible when it comes to a breach. BYOD and IoT, the use of cloud-based applications, and shadow IT, all extend the security responsibility to the broader organisation – and employees.