Security initiatives differ for small and medium-sized businesses (SMBs) and large enterprises, according to a survey of 723 IT professionals conducted by hybrid cloud security software provider Netwrix.
The Netwrix "2017 IT Risks In-Depth Report," released at this week's Microsoft Ignite conference in Orlando, Florida, revealed 60 percent of SMBs prioritize endpoint protection. Meanwhile, 65 percent of large enterprises said they emphasize complete visibility into user activity and IT changes in their databases.
Other notable report findings included:
- 100 percent of government agencies view employees as the main threat to cybersecurity. Conversely, most government entities lack visibility into user activity across their IT infrastructure.
- 90 percent of technology companies do not use software for information security governance or risk management, and 68 percent do not have dedicated cybersecurity personnel on staff.
- 50 percent of manufacturing companies have zero visibility into mobile devices, and 45 percent lack visibility into bring-your-own-device (BYOD).
- 49 percent of educational institutions prioritize protection against data breaches and fraud activities.
- 36 percent of financial organizations do not have a separate cybersecurity function — the best result among all industries surveyed.
Cyber risk mitigation varies depending on an organization's characteristics, Netwrix CEO Michael Fimin said in a prepared statement. However, organizations that gain visibility into user activity across the entire IT infrastructure can establish control over the cloud and mobile devices and reduce cyber risk, Fimin stated.
Most Organizations Use a 'Basic' Security Solution
Most organizations leverage "basic" security solutions and lack visibility into user activity and management of sensitive data, according to Netwrix.
The Netwrix "2017 IT Risks Report," released in June, showed 89 percent of IT professionals said they use "basic" IT security solutions. In addition, 74 percent said they are "not well prepared to beat IT risks," Netwrix indicated.
Visibility into user activity across an IT infrastructure can make or break an organization's cybersecurity strategy. In fact, organizations that track and analyze user activity may be better equipped than others to reduce the risk of data breaches and other cybersecurity issues, Fimin said.
How to Respond to Cybersecurity Concerns
Although cybersecurity is a priority for many organizations, addressing cyber risks remains difficult.
Mark Tonsetic, managing director for the Infrastructure Leadership Council and Applications Leadership Council at CEB Global (now Gartner), recently provided three tips to help organizations respond to cybersecurity concerns:
- Look beyond new technology. Most cyberattacks are not sophisticated. As such, organizations should extend their focus beyond new technology and explore solutions to address cybersecurity weak points.
- Examine your security hygiene. Security hygiene, i.e. fundamental security activities established to protect an organization, is crucial. With good security hygiene, an organization can gain visibility into cyberattacks and work quickly to detect and address these issues.
- Focus on the positives. Cybersecurity is now an organization-wide initiative, due in large part to cyberattacks that have affected many globally recognized brands. Organizations that teach employees about cyber risks can empower workers in all departments to work together to limit the impact of cyberattacks.
The right approach to cybersecurity can help an organization respond to cyberattacks faster than ever before, as well as reduce the time and costs associated with these attacks.