The current state of IT security in the U.S. and U.K. looks dire, according to a report published by RiskIQ, a digital threat management firm. The report is based on a survey, conducted by IDG Connect, answered by 465 persons in charge of making IT security decisions at organizations with at least 1,000 employees in these two countries. But that doesn't mean there's nothing you can do. Here are some lessons your business needs to learn, sooner rather than later.
1. Most IT security threats come from outside an organization.
A threat can originate from within your organization, such as personnel who may have accidentally or intentionally compromised your organization's IT security. But respondents to the survey said 75 percent of issues they had experienced came from someone acting outside their organization. Make sure your employees go through security training and awareness programs so they are well equipped to stop attacks from the outside.
2. The web is the biggest security issue.
More than 70 percent of survey respondents said they had little to moderate confidence in fully protecting their organization's IT from threats originating from the web. What's more surprising is that 60 percent said their organization experienced security issues stemming from mobile devices. This lower number may be due to policies for using mobile devices at work that could be stricter than those for using an organization's computer.
3. Ransomware and malware that messes up browsers are the biggest threats.
Survey respondents reported 44 percent of their security incidents were due to malware that locks up browsers or triggers ransomware. Most of these are executed because of an insecure browser: An employee visits a site with malicious code hidden in it that downloads automatically or tricks the employee into clicking something to trigger it. Again, training is so important.
4. Phishing is an equal problem.
Many employees do not take enough care when clicking links in their emails or on the web, which could harvest their personal data or lead to malicious content such as malware. Phishing attacks were on par with malware, having affected 42 percent of the survey respondents.
5. Keep an eye on your domains.
Threats to survey respondents' domains, such as getting hijacked or having their DNS attacked, happened to 42 percent of them. So, the security of your organization's online addresses needs to be treated with the same level of importance as malware and phishing.
6. Assess your IT security.
Only 31 percent of survey respondents had "high confidence" in their organization's IT security's ability to effectively mitigate threats. This figure was less than 25 percent for those in the health care and pharma industries. If you feel similarly about your organization's security, then act.
7. Be prepared to spend more.
In the near term, more than half of the survey respondents expected to spend at least 15 to 25 percent more on IT security.
8. Consider outsourcing.
If your organization's IT security needs are complex enough (you have many employees using computers and other devices online, for example), it could be worth hiring a managed security service provider. According to RiskIQ, organizations outsource a third of their IT security management. RiskIQ projects spending for such services to grow to nearly 13 percent during the next two years.