
Almost half don’t change security strategy following a cyber attack

Naive? Reckless? Lazy? Lacking funds or knowledge? Why are these practices still commonplace?

By James Nunns

They say that you should learn from your mistakes, an adage that seems to go out the window when dealing with cyber security given that 46% fail to change security strategy following an attack.

The shocking statistic is the latest in a long line of frankly humiliating findings that increasingly make you lose any sympathy for those at the pointy end of the stick.

Albert Einstein said that “the definition of insanity is doing the same thing over and over again, but expecting different results,” clearly a message that needs to be plastered on the walls of IT security professionals.

The CyberArk Global Advanced Threat Landscape Report 2018, which is where this figure comes from, found that almost half of IT security professionals rarely change their security strategy substantially, even after a cyber attack, clearly putting sensitive data, infrastructure, and assets at risk.

Rich Turner, Vice President EMEA, CyberArk, said: “When target organisations haven’t moved with the times, cyber attackers often have an easy time of it and are able to penetrate traditional perimeter defenses without undue effort. Companies must show greater urgency to change the game, which means treating the risk associated with cyber security in the same way as wider business risks such as competition and the economy.

“Understanding how changing service delivery models – like cloud and DevOps – affect the attack surface is a crucial component of cyber risk. Business leaders have a critical role to play in transforming the risk mindset and building cyber resilience across the enterprise.”

The Facts & Figures of failing cyber security over the last year

Further findings saw that 89% believe that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials, and secrets are secured. To compound this issue, the number of users who have local admin privileges on their endpoint devices rose from 62% in 2016 to 87% in 2018.

Unsurprisingly, the threats that most face are the standard issues: targeted phishing attacks (56%), insider threats (51%), ransomware or malware (48%), unsecured privileged accounts (42%), and unsecured data stored in the cloud (41%).

Yet again we are in the position of everyone being able to identify that there are a lot of threats, but little effort being made to actually remedy them.
