One survey suggests that these respondents had such high confidence levels in their firms’ cyber preparedness that they ignored best cyber-practices

In a survey of around 6,500 executive leaders, cybersecurity professionals and office workers in October 2022 across the US (21%), the UK (10%), Australia (10%), China (9%), France (10%), Germany (10%), India (10%)  Japan (10%) and the Netherlands (10%) about their organizations’ ability to stave off a damaging security breach, 97% of respondents who were leaders and security professionals indicated that their organisation was “prepared” or “more prepared” for this ability than they were a year ago.

Approximately half of respondents indicated they were “very prepared” to meet the growing threat landscape including ransomware, poor encryption and malicious employees, but expected safeguards such as deprovisioning credentials was ignored a third of the time, and nearly half of respondents indicated they suspected a former employee or contractor could still have active access to company systems and files.

Also, data indicated that respondents were racing to fortify against cyberattacks, with 92% of security professionals indicating they “had a method to prioritize patches” and also that “all types of patches rank high.” For the year ahead, cybersecurity insiders surveyed viewed phishing, ransomware and software vulnerabilities as top industry-level threats.

Other findings include:

    • Leaders in the survey engaged in more dangerous behavior and were four times more likely to be victims of phishing compared to office workers.
    • 33% or more of respondents who were leaders had “clicked on a phishing link”.
    • 25% indicated they used easy-to-remember birthdates as part of their password.
    • Leaders also indicated they were “much more likely” to hang on to passwords for years and data showed they were five times more likely than the rank and file to share their password with people outside the firm.
    • 20% would not “bet a chocolate bar” they could prevent a damaging breach.

According to Dr Srinivas Mukkamala, Chief Product Officer, Ivanti, which commissioned the survey:

“Patching is not nearly as simple as it sounds. Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize and even address vulnerabilities without excess manual intervention.”