How seriously are businesses taking cybersecurity?

It’s just over a year since the WannaCry ransomware attack targeted private businesses and public organizations around the world, with high-profile victims including FedEx, German rail company Deutsche Bahn, and the UK’s National Health Service. The seriousness and sheer volume of cybersecurity threats in the past year have shown no sign of abating; according to statistics from file-scanning service VirusTotal, it received an average of more than a million potential new threat files every day in March 2018, with the figure coming close to two million on some days. Sites like chouprojects.com spend a considerable amount of time discussing the rising issue, as no end seems to be in sight.

IT security threats, and the methods used to deploy them, are undergoing constant evolution as cybercriminals seek innovative new ways to seize control, steal data, and wreak havoc upon organizations. It’s believed that some hackers are now registering accounts with a business and trying to gain valuable information from it. This can put other users’ details at risk, so it’s important that businesses implement the most effective ways of stopping these hackers. One way of noticing hackers before they cause damage is to use user behavior analytics to see which accounts are acting suspiciously. This should help businesses to track down these accounts and prevent them from stealing valuable data. While this is one way of stopping hackers, there are many other ways they could gain access. This is why businesses and their IT teams constantly have to react and adapt to new types of cybersecurity threats, often at considerable expense, as they strive to fend off attacks, be it by using a stronger means of processing file requests or by checking through network traffic. But how well are enterprises really doing at keeping their businesses – and their customers – secure?

ISACA’s 2018 State of Cybersecurity report provides some good insight into this. Worryingly, in the light of WannaCry, NotPetya (a 2017 cybersecurity attack initially on more than 80 Ukrainian businesses, which later spread across Europe and to the U.S.) and other attacks, hacks, and breaches, it turns out that only 20 percent of organizations have their IT security function reporting into the main board or chief executive. This is down from 24 percent in the previous year – and it is concerning that, in the face of such high-profile cyberattacks, the highest levels of organizations aren’t taking the threat more seriously.

Another statistic from the report points to the same conclusion: just 57 percent of participants thought that the company board was adequately supporting IT security initiatives, a stark reduction from 67 percent the previous year. Other figures from the survey suggest that companies are having trouble filling vacancies for skilled cybersecurity professionals, with respondents reporting that over 50 percent of candidates for such jobs were not qualified for the roles that they were applying for. In slightly more heartening news, while 36 percent of enterprises expect to see their cybersecurity budget stay the same or decrease this year, 65 percent are expecting a budget increase.

In an age where cybercrime is on the rise – and customers are understandably more cautious than ever about how businesses store and protect their personal data – it’s worrying that many enterprises still seem, on the face of it, not to be taking cybersecurity as seriously as they should. A lack of adequate protections, constantly reviewed and updated to counter evolving threats, is a gift to cybercriminals, who can range from malicious individuals to organized crime gangs and even state actors. It’s clear that many businesses should now be looking carefully at their cybersecurity investment – and reporting structure – if they want to avoid unpleasant consequences further down the line.