Solarwinds MSP: Overconfidence in Security Damaging for Businesses

Despite the fact that 71 percent of firms with confidence in their security experienced a security breach, less than half implemented new security solutions.

Lynn Haber

May 17, 2017

2 Min Read
Security

There appears to be a disconnect between what IT executives – CIOs, heads of IT, and CISOs – believe about their cybersecurity and the damage they’re enduring. That’s according to the 2017 Cybersecurity: Can Overconfidence Lead to an Extinction Event? survey from Solarwinds MSP.

Simply stated, the survey respondents – 400 SMBs and enterprise equally split between the U.K. and the U.S. – have more confidence in their cybersecurity readiness than is warranted.

SolarWinds MSP's John PagliucaResponding to the survey findings, John Pagliuca, SolarWinds MSP general manager, said, “Our findings underscore the problems that contributed to the ‘WannaCry’ ransomware’s ability to cause so much damage around the globe. These results beg the question, ‘How can IT leaders feel so prepared yet still be exposed?’

In fact, 87 percent of organizations reported having complete trust in their security techniques. Of these firms, 71 percent were breached at least once in the past year, despite the belief of 59 percent of these same companies that they’re more secure than 12 months earlier.

Survey respondents noted a variety of security breaches they experienced over the past year, with the top five being: failure of a critical business system, such as line of business (LOB), 37 percent; insider accidental act such as deletion of data or exposure of confidential data, 32 percent; cybercriminal DDoS or other fraud/extortion attempt, 31 percent; insider malicious attacks at such as theft or destruction of data or systems, 31 percent, and a ransomware outbreak, 28 percent.{ad}

These incidents not only cost the organizations cited in the survey tangible losses, such as money, downtime, legal action, loss of customer or partner, but 23 percent reported intangible losses, such as brand reputation and loss of new opportunity.

So what did they do? Less than half of the companies implemented new security solutions after a data breach, and 14 percent did nothing.

SolarWinds MSP investigated why this overconfidence is occurring and identified seven basic faults:

  • Inconsistency in enforcing security policies

  • Negligence in the approach to user security awareness training

  • Shortsightedness in the application of cybersecurity technologies

  • Complacency around vulnerability reporting

  • Inflexibility in adapting processes and approach after a breach

  • Stagnation in the application of key prevention techniques

  • Lethargy around detection and response

There’s some positive news: Sixty-one percent of respondents report that their cybersecurity budgets will increase, and they expect improved security at their companies.

At the same time, Solarwinds MSP notes that many organizations are confused about the difference between security and cybersecurity.

“The former is what companies are talking about when they think about readiness. What they often don’t realize is that cybersecurity protection requires a multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently,” Pagliuca said.

Read more about:

Agents

About the Author

Lynn Haber

Content Director Lynn Haber follows channel news from partners, vendors, distributors and industry watchers. If I miss some coverage, don’t hesitate to email me and pass it along. Always up for chatting with partners. Say hi if you see me at a conference!

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like