When it comes to organizations’ digital defense posture, many enterprise security practitioners are overwhelmed by the scale and tenacity of external digital threats—and they lack confidence in their processes, systems and tools.
That’s according to RiskIQ’s 2017 State of Enterprise Digital Defense Report, which found that an average of 40% of organizations experienced five or more significant security incidents in the past 12 months among most cited external threats: malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps and social impersonation.
Across industries, an average of 35 tools are employed to thwart web, social and mobile threats.
Big brands in banking, retail and consumer goods had the most prevalence of attacks, and digital threat management appears more progressive among organizations in financial services, manufacturing and consumer goods, as expressed by overall expenditure.
68% of respondents express no to modest confidence to manage digital threats
Larger companies felt that they were better able to update control systems and collaborate across departments, perhaps showing the benefits of scale; while smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about.
Although confidence in IT security management appears optimistic, overall survey findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful.
About 68% of respondents express no to modest confidence to manage digital threats, and 70% of respondents have no to modest confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand and ecosystem assessment.
From a vertical perspective, about a quarter (24%) of healthcare and pharmaceutical respondents felt little to no confidence in their ability to assess digital risk.
Security Management gap grows as digital threats outstrip defense capabilities
"While the results were both eye-opening and disturbing, the survey findings and insights should empower corporate leadership and IT security professionals to examine how their organizations are protecting their businesses, customers, and brands, and fortifying digital transformation," said Martin Veitch, editorial director at IDG Connect, which carried out the research.
Source: InfoSecurity Magazine