Armis Data Show Dangerous Lack of Awareness of Major Cyberattacks
This lack of awareness is contributing to hackers' success.
![Businessman head in the sand Businessman head in the sand](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blta2cbff99f6782b2f/65244de6f2a4c5ce5539aa15/8-Head-in-the-Sand.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Key Statistics from the Armis data include:
Over 21% of respondents have not even heard about the cyberattack on Colonial Pipeline, the largest U.S. fuel pipeline.
Almost half of working Americans did not hear about the attempted tampering of Florida’s water supply.
Sixty-three percent of health care delivery organizations have experienced a security incident related to unmanaged and IoT devices over the past two years.
Fifty-four percent of workers don’t believe their personal devices pose any security risk/threat to their organization.
Armis’ Curtis Simpson said effective cybersecurity strategies require internal and external inputs, combined with a healthy dose of critical thinking and business awareness.
“Newsworthy breaches are an important example of external inputs,” he said. “As cyber leaders, it’s important that we reflect the details of newsworthy incidents experienced by competitors, peers and other organizations with relevant parallels. Failing to take note of a growing number of attacks targeting comparable exposures or operations can result in cyber strategies trailing behind the growing risks facing the organization.”
Effectively communicating top risks and the need for action to senior leaders often require the ability to relate recent incidents experienced by comparable operations and how a similar impact could be experienced without executing a specific risk reduction strategy, Simpson said.
“Failing to relate relevant newsworthy incidents and corresponding trends pointing to an elevated risk and sense of urgency leads to lack of senior support, budget and progress overall,” he said.
Security awareness training and communications directed toward staff overall must continue to evolve in order to remain relevant, Simpson said.
“Security teams must regularly consider the threats facing staff in the office, at home or elsewhere, the risks potential being introduced or elevated by staff behaviors, environments, etc.,” he said.
Critically thinking about these risks periodically and specifically, when there are material changes to operations, such as staff returning to the office after more than 12 months, is important, Simpson said.
It was particularly surprising that awareness of the Colonial Pipeline attack, widespread news in the United States, was barely disseminated in the United Kingdom, Simpson said.
“The internet is global,” he said. “The threats are global. The news remains relatively localized. This is a strong reminder that we truly need to rely upon multiple news sources from around the world to ensure that we have a fuller picture into the external risk landscape and growing threats to operations.”
The cyber knowledge gap isn’t necessarily driving hackers‘ success, but it’s contributing to the success of such attacks, Simpson said.
“This relates to an overall lack of preparedness in situations where an attack should have been anticipated based on trends exposed through newsworthy events, but for which there was little to no awareness or in turn, actions taken to prepare,” he said.
The cyber knowledge gap isn’t necessarily driving hackers‘ success, but it’s contributing to the success of such attacks, Simpson said.
“This relates to an overall lack of preparedness in situations where an attack should have been anticipated based on trends exposed through newsworthy events, but for which there was little to no awareness or in turn, actions taken to prepare,” he said.
New Armis data shows a continuing lack of widespread awareness of major cyberattacks like Colonial Pipeline. This proves an ongoing, dangerous cyber knowledge gap.
Armis surveyed more than 2,000 professionals in various industries from across the United States in May. It found that end users are not paying attention to the major cyberattacks plaguing operational technology and critical infrastructure across the country. That signals the importance of businesses prioritizing a focus on security as employees return to the office.
Ransomware Surge
In the past year, there were 65,000 ransomware attacks in the U.S. That equates to about seven attacks per hour, a rate you can expect to continue rising. As the United States looks at its vulnerable industries, the responsibility is falling on businesses to ensure that they are keeping the organization and employees safe and secure.
Moreover, ransomware has hit health care in a major way, according to Armis data. Hackers attacked Scripps Health’s technology systems and a chain of Las Vegas hospitals. Despite the spotlight on these attacks, the data show many consumers are simply not taking notice. Therefore, the responsibility of security falls on the businesses themselves.
Armis’ Curtis Simpson
Curtis Simpson is Armis‘ CISO.
“The attacks on our critical infrastructure are clear evidence of the need for cybersecurity and assurance to all our utility providers and players,” he said. “It is also an unfortunate example of the huge vulnerability of an aging infrastructure that has been connected, directly or indirectly, to the internet. Organizations must be able to know what they have, track behavior, identify threats and immediately take action to protect the safety and security of their operations. This data shows that there is less consumer attention on these attacks as we might expect. And so that responsibility falls to businesses to shore up their defenses.”
Scroll through our slideshow above for more on this new Armis data.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like