A recent report found the majority of IT professionals said their entity was affected by a cybersecurity attack in 2016, with half expecting to raise their security budgets.
April 12, 2017 – A majority of organizations reported that they were affected by a cybersecurity attack last year, with one in three saying that they had been hacked more than five times in the past 12 months, according to a recent Bitglass report.
In response, 52 percent of respondents also said that their entity planned to increase their overall security budgets.
Over 3,000 IT professionals were interviewed for the Bitglass Threats Below the Surface Report, which was done in partnership with the CyberEdge Group and Information Security Community.
“More organizations in the retail and tech sectors are spending a large proportion of budgets on security than in other verticals,” report authors explained. “Security conscious industries including finance and healthcare aren’t far behind, where security budgets continue to grow rapidly.”
Thirty-three percent of organizations stated that IaaS security was the top priority, while 31 percent listed SaaS app security as the key focus area.
For cloud security concerns, 57 percent of respondents said that data leakage was a top concern, while 49 percent noted data privacy, and 47 percent said confidentiality was their main worry. Thirty-six percent listed compliance as the top issue with which their enterprise was struggling.
In other data security areas, 37 percent of those surveyed said phishing was their top concern, with 33 percent mentioning insider threats, and 32 percent noting malware as a key worry.
Ransomware attacks are also continuing to affect organizations, with 54 percent reporting that they refused to pay a ransom but were still able to recover their data. Nearly 33 percent of respondents admitted to paying a ransom, while 13 percent said they refused to pay and also lost their data.
“While many have some means of alerting on potential leaks or unauthorized accesses, few have the ability to identify and remediate threats in real time and few can secure unmanaged mobile devices,” report authors explained. “In the coming year, as more organizations put their security budgets to work, expect to see much needed capabilities—access controls, cloud DLP, encryption—become widespread.”
Two-thirds of respondents said that threat detection was the top critical threat management capability. Furthermore, 72 percent stated data encryption was the most in-demand security capability. This is an increase from 65 percent feeling the same way in 2015.
Traffic encryption was cited by 60 percent of those surveyed as the top critical threat management capability, with 56 percent listing access controls as the main capability.
Healthcare cybersecurity attacks are also on the rise, with PHI data breaches continuing to affect organizations of all sizes.
A Redspin report released earlier this year found that healthcare cybersecurity attacks stemming from hackers increased 320 percent in 2016. There were also a total of 325 large-scale PHI data breaches, compromising 16,612,985 individual patient records, according to Redspin.
Nearly all healthcare providers – 96 percent – reported PHI breaches of greater than 500 records due to hacking/IT incidents, an increase of 320 percent over 2015.
Additionally, Redspin found a year-over-year increase of 181 percent in the total number of health records breached in provider hacking attacks. Approximately 9.5 million patient records were affected in a healthcare data breach that was caused by a hacking attack in 2016. Comparatively, 2015 saw about 5.2 million patient records affected in the same type of incident.
“Healthcare providers have become the primary targets of malicious hackers, and their attacks are becoming increasingly sophisticated and disruptive to operations,” CynergisTek Vice President Dan Berger said in a statement. “The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond.”