Cyber Security Teams Worry Most About Phishing & Ransomware

Uploaded on 2020-08-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Nearly 90% of security professionals are most concerned about phishing and ransomware attacks. This is especially alarming, as only 48% confirm that they have continuous visibility into the risk area of phishing, web and ransomware, a report by the cyber security experts at Balbix reveals. 
 
Organisations and their IT staffs have to battle a variety of cyber threats in their quest to keep their businesses and resources safe and secure. But some threats are more pervasive and challenging than others. In their report released Balbix looks at the top threats cited in a survey of security professionals. 
 
The 2020 State of Enterprise Security Posture Report reveals that cyber security teams are struggling with a lack of visibility into threats, endpoint devices, access privileges, and other key security controls necessary for a robust cyber security posture.
 
The report is based on the results of a comprehensive online survey of IT and cyber security professionals in the US, conducted in May 2020 to identify the latest trends and concerns in the cybersecurity community.  The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organisations of varying sizes across multiple industries.
 
The findings also determined that 64% of organisations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organisations. Specifically, 46% find it hard to tell which vulnerabilities are real threats vs ones that will never be exploited. 
 
Limited visibility of the overall attack surface (37%), and the burden of being inundated with far too many alerts to act upon (25%) were found as additional significant concerns. 
 
The report shows that security professionals remain inundated with the challenge of maintaining clear observation and visibility of the changing electronic global-scape. 
 
Additional Report Findings
  • The second biggest security threat faced by organisations, after phishing web and ransomware attacks, is unpatched systems (53%); misconfigurations (47%) follows as the third main risk driver
  • 68% list unpatched systems as the top area that they have continuous visibility into, followed by identity and access management (59%) and phishing, web and ransomware (48%)
  • Only 13% of cyber security leaders feel like presentations to the board go very well and that the board understands the cyber risk posture of the enterprise
  • 60% of organisations have knowledge of fewer than 75% of the assets on their networks, with most claiming only spotty understanding of business criticality and categorisation
  • 80% of organisations provide more access privileges than are necessary for users to do their jobs, unnecessarily adding substantial risk to their organisations
  • Only 58% are capable of determining all vulnerable assets within 24 hours following news of critical exploits
To solve this challenge, enterprises must start with gaining continuous, comprehensive visibility of real risks to their organisation, including not only where they have weaknesses or vulnerabilities, but also whether those weaknesses are likely to impact them. 
 
HelpNetSecurity:        Balbix:       TechRepublic:       Dark Reading
 
You Might Also Read: 
 
Vital Necessity Of Cloud Computing Highlights Security Risks:
 
« The Effects Of GDPR On EU / US Relations
Using Artificial Intelligence In Academic Research »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Fredda Stanza

Fredda Stanza

Fredda Stanza specialize in Information Security and Forensics Consulting.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Military Cyber Professionals Association (MCPA)

Military Cyber Professionals Association (MCPA)

MCPA are a team of Soldiers, Sailors, Airmen, Marines, Veterans and others interested in the development of the American military cyber profession.

CyberSec.sk

CyberSec.sk

CyberSec.sk is the Slovak portal bringing the latest cyber security news, politics, tips and instructions on how to protect the internet.

Jeffer Mangels Butler & Mitchell LLP (JMBM)

Jeffer Mangels Butler & Mitchell LLP (JMBM)

JMBM is a full service law firm providing counseling and litigation services in a wide range of areas including cyber security.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

GB Group (GBG)

GB Group (GBG)

GBG is a global technology specialist in fraud, location and identity data intelligence.

Valid Network

Valid Network

Valid Network DSP is blending traditional cyber security methodologies with blockchain transactions to achieve trust, internal and federated between organizations and stake holders.

Flix11

Flix11

Flix11 is a Cyber Security & ICT Solutions focused company. We provide a range of products and services in Cyber Security, Internet of Things (IoT) and infrastructure solutions.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

ContraForce

ContraForce

ContraForce is a threat detection and response software providing complete visibility across cloud, network, endpoints, user, and email with the ability to target and block threats in real-time.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

EkoCyber

EkoCyber

EkoCyber partner with businesses as a value-added MSSP to provide top-tier, trusted and transparent cyber security services at an affordable price point.

AppSentinels

AppSentinels

Appsentinels are a group of security and technology experts with a mission to fix gaps in application security.