Technology advancement is giving organizations and individuals the ability to innovate faster, but it is also enabling hackers to evolve their efforts as well. According to a recent report, 45% of enterprises believe emerging threats are one of the biggest issues when it comes to their security infrastructure, followed by staffing and limited resources. The 6-12 Report for IT Security was conducted by AVANT Analytics, a division of AVANT Communications, to gain insights into how enterprises assess attack surfaces, biggest threats and current defenses.
“Almost every day, we read press reports about companies that have been breached or otherwise used as unwitting pawns by cybercriminals,” said Ian Kieninger, CEO and co-founder of AVANT Communications. “Companies of all types recognize and fear the vulnerabilities they face. We designed this AVANT 6-12 Report to facilitate an understanding of what’s adequately defended and where the gaps might lie. Readers of this document will be able to sustain a higher-level dialogue around how to protect the very existence of their companies.”
The report also found that while the security attacks are getting more severe, the hackers aren’t getting more advanced. The emergence of new tools are enabling even the most unsophisticated hackers to target exploits and do damage. “Modern attackers don’t even need to be highly experienced or skills given that a wide variety of exploits have been productized into various, easy-to-use tool kits. Some criminals will even launch attacks in exchange for a fee,” the report stated.
Additionally, the report warns against governments and those who represent governments also trying to steal data, product roadmaps, design features and other valuable items.
The most common threat vectors include Denial of Service attacks, Distributed Denial of Services Attacks, ransomware, man-in-the-middle attacks, zero days, phishing exploits, viruses, worms, and general malware.
Some security solutions enterprises do have in place to help improve their security include endpoint protection, intrusion prevention systems, intrusion detection systems, firewalls, managed firewalls, and a vulnerability scanner.
According to the report, general things enterprises should have in place for security defense include: risk assessments, incident response plans, DDoS mitigation, endpoint protection, Managed SIEM, perimeter security, and disaster recovery as a service.
Other findings of the report include preparedness for attacks varies by vertical market, the IT security budget is minimized in favor of an environment, and three security approaches: reactive, proactive and adaptive.
“Security is a value proposition unlike any other in the Information Technology industry,” said Ken Presti, research vice president of AVANT Research and Analytics. “Any other technology can be installed and tested to prove that it works. But, security is such a rapidly moving space that it’s difficult to know what the criminal element will be able to penetrate. And, if they can’t gain access today, perhaps they will learn how to gain access tomorrow. Since no guarantees can be made, enterprise decision-makers need to work with their Trusted Advisors to maximize the odds while at the same time developing effective contingency plans in the event that something bad does occur.”