Most US, UK Firms Admit Major Security Breach In Past Two Years

A new survey has revealed the shocking scale of cyber attacks against businesses, as well as the lack of preparation some firms are guilty of.

The report from endpoint management firm 1E is entitled ‘Getting Your House in Order‘ and it found that many firm’s cyber defences are being built on sand given the scale of successful attacks.

The survey found for example 60 percent of businesses in the US and UK have experienced a serious security breach in the last two years. And staggeringly, 31 percent have experienced such a breach more than once.

Out of control?

1E said that it commissioned the research of 600 IT decision-makers (300 from IT operations and 300 IT security) in both the UK and US, carried out by Vanson Bourne.

The report found that 77 percent of respondents believe that they are not extremely well prepared to react to a serious data breach.

The fact that the 1E survey has identified 60 percent of businesses have experienced a serious security breach in the last two years, and is not helped by the fact that companies only have visibility of 64 percent of their software estate, meaning there is large blind spots for attackers to exploit.

Eight in ten of respondents claim digital transformation increases their cyber risk, and fewer than a quarter (23 percent) believe that the IT operations and IT security teams work together extremely well to secure the business.

Over three quarters (77 percent) cite that remote working will continue to be a security concern until organisations can find a way to effectively reach, patch, and secure remote workers.

Businesses seem to know where they need to invest, with the majority of respondents demanding an investment increase in areas such as software migration automation (80 percent), breach response and remediation (67 percent), and/or software patching (65 percent).

“Businesses are losing control of their estates because of fundamental issues such as the widening gap between IT Operations and IT Security and deferred responsibility,” explained Sumir Karayi, CEO at 1E.

Karayi said that “CIOs have the challenge of explaining the pivotal need for areas like patching, which can feel mundane. But without this hygiene, companies must constantly defend against new vulnerabilities or risk a major breach. This creates a phenomenon called the Software Arms Race, an unabated competition between exploiters and the entire software industry. Set on a continuous loop, one creates an issue, the other builds defences.”

Government help

The 1E report also includes 10-Point Action Plan for businesses, developed by Michael Daniel, former cybersecurity advisor to President Obama, and currently CEO of the Cyber Threat Alliance.

The scale of the cyber security problem at the moment was evidenced last month, when the UK’s top secret eavesdropping agency, GCHQ, announced that it had joined the fight against fraud and cyber attacks experienced by British businesses and financial institutions.

GCHQ director Jeremy Fleming said that the agency would begin sharing intelligence with British banks in an attempt to tackle fraud and cyber attacks.

Do you know all about security? Try our quiz!