With all the high-profile hacks being disclosed lately, it certainly seems like both public and private cybersecurity protections are lacking. But two surveys of security professionals reveal widely varied views on whether companies and networks are prepared to deal with digital attacks.
In the "Critical Infrastructure Readiness Report" from McAfee, the Aspen Institute, and Intel, almost 75 percent of the 625 respondents said they were confident or extremely confident in their organization's framework for identifying intrusions. Sixty-eight percent said they were confident that they could deal with attacks. Sounds great, let's all go home.
Seventy percent of the same survey respondents, though, said that there were more and more threats out there. And a vast majority reported at least one cyberattack on their organization's system, with the median number of attacks at 20 per year. Respondents said that these hacks resulted in service interruptions, data breaches, and even physical damage.
The survey notes:
"Those who have endured a higher number of successful attacks and confirmed damage feel more vulnerable than the rest; this suggests that as the number of attacks on all organizations continues to increase, the confidence levels reported in the survey may erode."
The most incredible and concerning stat from the report is probably that 48 percent of the cybersecurity professionals surveyed said that they think it's likely that a hack will compromise critical infrastructure "with potential loss of life." These are the same people who feel confident that their organizations are secure!
Released last week, the 2015 Black Hat Attendee Survey polled a more pessimistic group of 460 security professionals. Seventy-three percent said they thought their organizations would suffer a data breach at some point in the next 12 months, but only 27 percent said that the group would be able to handle it. Similarly, just 27 percent said they had enough people working on security to address everything. "The survey indicates that most enterprises are not spending their time, budget, and staffing resources on the problems that most security-savvy professionals consider to be the greatest threats," the report said.