A newly released study finds that threats to the enterprise from malicious insiders, phishing and social engineering attacks are the top security concerns for businesses, and that respondents believe Internet-facing applications represent the most vulnerable attack vector.
Of the more than 200 senior-level IT and security professionals surveyed in the study, 37% said phishing and social engineering are the biggest threat, followed by malware at 25%, while 32% believe that public-facing applications are the weakest point on their networks.
The study also found that only 59% of respondents said their company has a cyber incident response plan in place, and the percentage of companies with password policies implemented reached 90%.
“The findings we’ve compiled suggest that while most companies are employing best practices when it comes to cyber security, there is still a way to go before adoption is universal,” said Ralph P. Sita, Jr., CPA, CEO/President at TrainACE.
“All companies have different reasons and needs when it comes to cyber security, but it’s troublesome to learn that many still don’t have the basics in place, such as a cyber incident plan or set of updates guidelines. Of course, these are generally the companies that learn the hard way after a hack or data breach.”
Other key findings include:
- 48% of respondents think current and former employees pose the greatest cyber security threat to their organization
- 54% said their company had not been hacked or experienced a data breach in the last 12 months
- 46% say they have found a Trojan on their work computers
The study says that of the companies that acknowledged they had a security incident in the last twelve months (17%):
- 70% found a Trojan on their work computers
- Nearly 20% of those who confirmed a hack or breach said they don’t have a cyber incident response plan, but are now considering one
- 68% have password policies in place
“When it comes to company spending on cyber security measures this year, most respondents indicated an increase, most of which was going towards software. Of those respondents who knew what percent of their organization’s overall IT budget is allocated for information security, most said 6 – 10 percent,” the researchers stated.
“Plans to hire more IT security staff over the course of the year appear flat – yes and no were evenly split at 30 percent. Most respondents – 75 percent – said they have training for security policy in place.”