The State of Cybersecurity Survey
Ever notice something about surveys? While there are plenty out there about the threats rising on the IT landscape, there isn't always useful information about the controls and techniques leaders are using to stop them. And that's what we really want to know, right? Finding out where other organizations are struggling and where they're succeeding, and how they're approaching attacks, can provide a roadmap to strengthening your own security program.
So we talked to more than 300 IT leaders about cybersecurity trends, challenges and plans. If you’re curious, these leaders helmed every size of organization, from enterprises to small businesses – which often made a difference in their choices, as you’ll see.
You can find the results here, but we'll share a few highlights:
Stolen credentials are on their mind; almost two out of five were “Very Concerned” and almost half were “Somewhat Concerned” about the potential misuse of stolen credentials. Surprising? Not at all. These leaders are aware of breaches that often began with an attacker using someone’s valid credentials to invade the organization’s network and steal their assets. Interestingly, decision-makers from large organizations were significantly more likely than those from small organizations to choose “Very Concerned.”
You might be thinking that given these fears, these teams are protecting their systems with all the best security controls. Unfortunately, that’s not what we found. Only a third use two-factor authentication (2FA) across their organization, with 23% using it some areas. As for adaptive authentication, 18% use it in all areas and 15% use it in some areas.
And wait, it gets worse; 11% said they use neither and don’t plan to during the next 12 months. That means one out of ten organizations that are relying on simple password protection.
There is some good news though: 18% plan to implement or expand 2FA, while 16% plan to implement or expand adaptive authentication in the next 12 months. While we wish those numbers were higher, that's undoubtedly a smart decision for those organizations.
But back to those 11% who aren’t using 2FA or AA. While we don't know their reasons for opting out, one reason might be user experience. Our survey found that while a quarter of teams who use two-factor authentication love it, 65% report that they hear some complaints, and 9% hate it. Those levels of dissatisfaction can point to a possible security gap, as many users who dislike 2FA will find risky workarounds that are more convenient for them.
That’s not the only challenge our survey respondents struggle with. The top challenge: getting enough budget to meet critical needs in IT security. (Leaders from large organizations were more likely than anyone to call that out.) They’re also dealing with:
- stopping a new or never-before-seen attack (23%)
- knowing if or when they have been breached (19%)
- implementing the right solutions (17%)
- and hiring the right staff (12%).
As for IT security spending, most expect an increase in 2017, with nearly one in five anticipating an increase of 20% or more. Interestingly, it was again leaders from large organizations who expected this increase – despite naming budget challenges as their top struggle.
So what does it all mean?
Despite our finding that 82% fear attacks related to stolen credentials, we also found many organizations are not taking adequate steps to protect themselves. Only 56% currently use 2FA, while only 37% currently use Adaptive Authentication. That’s a massive security gap. The fact that 11% said they use neither and don’t plan to during the next 12 months is even scarier.
Obviously teams need to get serious about security and layer adaptive controls. But the highlighting of budget issues indicates that many may not be aware of the budget-friendly solutions available. Just because a top solution is expensive doesn’t mean it’s going to meet a team’s needs, while many advanced solutions can be cost-effective. Ultimately security is about blending smart strategy and advanced technologies – so let’s hope the majority who say they’re increasing spending will do in a strategic way.
There’s also the matter of two-factor authentication getting mixed reviews. 74% report receiving negative feedback about their 2FA. When almost one out of ten users say they hate it, and another two thirds complain about it, it’s time to find a solution that provides a smoother user experience.
Which brings us to the conclusion at the heart of this survey. It’s always terrible when an organization realizes they’ve been breached, especially when the damage runs into the millions. But it’s doubly regrettable when the organization could have protected themselves from the attack with the right security controls – and they didn’t. If we have one hope for 2017, it’s that organizations turn to the solutions available now to protect themselves from a devastating breach in the future.
Take a look at the full survey results and see how you match up.