But we aren't doing enough about it.
There won’t ever be a day without cyber attacks unless there is enough security to stop them.
Companies are trying, albeit not enough. A study by technology association ISACA says that companies and organizations can’t find enough qualified people to fill cybersecurity positions. Even when they do, they still need time, energy, resources and money for training.
According to the survey, 4-in-5 respondents expect a cyber attack on their employer this year, but only 31 percent of companies routinely check security. A surprising 13 percent haven’t even tested their current security controls.
One of the biggest concerns is the huge rise in Internet of Things usage — where everyday appliances are increasingly connected to our phones and the Internet. This may be the biggest threat to companies this year, as 97 percent of companies see its popularity rising. Mobile attacks are also problematic.
The good news: budgets for security are up
The ISACA study found that more than half of respondents were putting more cash toward fighting cyber attacks. Unfortunately, it’s still a slow process. Last year, 61 percent of companies said their security budget was increasing. This year, only half of companies are increasing their security budget.
While it’s good that many companies see the necessity in increasing security allotment, the slowdown is worrisome.
“Slowdown in budget expansion can be a potential risk if it is sufficient to cause economic-related hiring freezes or reductions in open headcount requisitions,” the report says. “Enterprises may want to begin planning strategies now to ensure that they are prepared, e.g., by investing in talent retention, personnel development, cross training or other activities that maximize current staff and minimize the impact of attrition.”
The bad news: threats are at an all-time high
Among the top attacks, 40 percent of companies experienced a phishing scam in 2016, where scammers took personal and sensitive data. Thirty-seven percent saw a malware attack, and 29 percent had a social engineering breach, meaning someone was tricked into granting access.
And attacks are only going to go up. Half of the respondents say ransomware attacks will keep coming, with money as the driving factor — 70 percent of targets admit they paid the ransom after the attack to recover their files.
More bad news: Companies know that these attacks are only going to increase, but they don’t have the human power to stop them.
“Attacks are increasing, but the resources allocated to combat those attacks, while still growing, are growing at a reduced rate compared with prior years,” ISACA says. “Enterprises have continued difficulty finding qualified personnel to fill cybersecurity positions.”
Many jobs are open, companies say, and people are even applying for them. But finding the right person with the required qualifications is difficult. Of those that are applying to open positions, less than half are qualified for them. On top of hiring, there is also money and time that needs to be allocated for training on cybersecurity.
Unfortunately, there are still companies that don’t believe they are at risk for cyber attacks. In fact, some companies would rather put dollars toward physical security than internet security.
Article last modified on July 19, 2017. Published by Debt.com, LLC .