Cyber Security Teams Worry Most About Phishing & Ransomware

Uploaded on 2020-08-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Nearly 90% of security professionals are most concerned about phishing and ransomware attacks. This is especially alarming, as only 48% confirm that they have continuous visibility into the risk area of phishing, web and ransomware, a report by the cyber security experts at Balbix reveals. 
 
Organisations and their IT staffs have to battle a variety of cyber threats in their quest to keep their businesses and resources safe and secure. But some threats are more pervasive and challenging than others. In their report released Balbix looks at the top threats cited in a survey of security professionals. 
 
The 2020 State of Enterprise Security Posture Report reveals that cyber security teams are struggling with a lack of visibility into threats, endpoint devices, access privileges, and other key security controls necessary for a robust cyber security posture.
 
The report is based on the results of a comprehensive online survey of IT and cyber security professionals in the US, conducted in May 2020 to identify the latest trends and concerns in the cybersecurity community.  The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organisations of varying sizes across multiple industries.
 
The findings also determined that 64% of organisations are only, at best, somewhat confident in their security posture, and that the lack of visibility into security is the primary concern for organisations. Specifically, 46% find it hard to tell which vulnerabilities are real threats vs ones that will never be exploited. 
 
Limited visibility of the overall attack surface (37%), and the burden of being inundated with far too many alerts to act upon (25%) were found as additional significant concerns. 
 
The report shows that security professionals remain inundated with the challenge of maintaining clear observation and visibility of the changing electronic global-scape. 
 
Additional Report Findings
  • The second biggest security threat faced by organisations, after phishing web and ransomware attacks, is unpatched systems (53%); misconfigurations (47%) follows as the third main risk driver
  • 68% list unpatched systems as the top area that they have continuous visibility into, followed by identity and access management (59%) and phishing, web and ransomware (48%)
  • Only 13% of cyber security leaders feel like presentations to the board go very well and that the board understands the cyber risk posture of the enterprise
  • 60% of organisations have knowledge of fewer than 75% of the assets on their networks, with most claiming only spotty understanding of business criticality and categorisation
  • 80% of organisations provide more access privileges than are necessary for users to do their jobs, unnecessarily adding substantial risk to their organisations
  • Only 58% are capable of determining all vulnerable assets within 24 hours following news of critical exploits
To solve this challenge, enterprises must start with gaining continuous, comprehensive visibility of real risks to their organisation, including not only where they have weaknesses or vulnerabilities, but also whether those weaknesses are likely to impact them. 
 
HelpNetSecurity:        Balbix:       TechRepublic:       Dark Reading
 
You Might Also Read: 
 
Vital Necessity Of Cloud Computing Highlights Security Risks:
 
« The Effects Of GDPR On EU / US Relations
Using Artificial Intelligence In Academic Research »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Conference-Service

Conference-Service

Conference-Service provides a categorised calendar of conferences and events, including Information Security & Privacy.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

achelos

achelos

achelos is an independent software development company providing innovative technical solutions for micro-processor chips / security chips and embedded systems in security-critical application fields.

AXA XL

AXA XL

AXA XL is the P&C and Specialty Risk Division of AXA. Professional insurance products include Cyber Insurance.

Curricula

Curricula

Curricula's cyber security awareness training delivers short relatable security stories to your employees. We make learning cyber security simple and fun.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Rhino Security Labs

Rhino Security Labs

Rhino Security Labs is a top penetration testing and security assessment firm, with a focus on cloud pentesting, network pentesting, web application pentesting, and phishing.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Nightwing

Nightwing

Nightwing is the intelligence services company that continually redefines the edge of the possible to keep advancing our national security interests.

Rocket Software

Rocket Software

Rocket Software helps customers in all industries solve their most complex IT challenges, across infrastructure, data, and applications — with solutions that simplify, not disrupt.