More than two-thirds of businesses believe their network is open to attack from hackers, reports cybersecurity firm Radware.
However, the organisations also report high confidence levels in dealing with cybersecurity, with nine out of ten confident their security model was “effective at mitigating most or all attacks”.
Almost half of the companies surveyed had experienced data security breaches in the last 12 months and around 40% of them estimated that it took hours or days to discover a breach.
Most (69%) of data breaches are discovered through using anomaly detection tools and more than half are discovered by reactive notifications from darknet monitoring.
Almost a quarter of businesses have fired IT executives because of a breach and almost a third of companies face legal action from customers.
“Encrypting data is no longer enough”
Companies who had experienced attacks against web applications or web servers in the past 12 months reported that encrypted web attacks increased from 12% in 2017 to 50% in 2018 and more than half reported daily or weekly attacks.
Radware said: “Encrypting data is no longer enough to stop hackers. In the last 12 months, respondents said that the most common types of application or web server attacks they experienced were encrypted web attacks and data security breaches.”
Data collection and sharing
About half of the businesses said they only collected various types of customer data for internal use, but did not share it, and under half (43%) shared data about user behaviour, preferences and analytics.
“When extrapolated across the number of websites that most people interact with every day, the possible exposure of sensitive data is massive,” said Radware.
Vice president of Security Solutions Carl Herberger said: “While organisations are recognising they are under attack, often they’re discovering the breach only after pertinent information has been leaked. With today’s evolving threat landscape, organisations still need to be vigilant in equipping themselves to deal with increasing attack frequency and complexity.”
False confidence is tackling risk of cyberattack
Radware reported a “false sense” of confidence across businesses in their ability to deal with the constant and growing threat of attack.
It said: “It’s just a matter of time before a significant data breach happens.”
The cybersecurity firm recommends seven steps, which include encryption and a web application firewall (WAF).
“A good WAF,” said Radware, “Needs to sniff out these clandestine cyber assaulters. Device fingerprinting identifies, blacklists and blocks the source machines that are used for attacks regardless of the IP they hide behind.”