The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting. That’s the analysis from the 2021 Cybersecurity Impact Report from IronNet.
The report is based on interviews with 473 security IT decision makers from the U.S., U.K. and Singapore who work in the technology, financial, public service and utilities sectors.
The survey found that 90% of respondents said their security posture had improved over the last two years, but 86% suffered attacks severe enough to require a meeting of the companies’ C-level executives or boards of directors.
The study found that 70% of companies surveyed felt the impact of the SolarWinds attack:
- Significant impact: 31%
- Slight impact: 39%
- Small impact: 15%
- No impact: 15%
The survey asked about the financial impact of the attack and found that the average impact was 11% of annual revenue or about $12 million per company. Companies in the U.S. reported an average of a 14% impact on annual revenue with the averages in the U.K. and Singapore at 8.6% and 9.1% respectively.
This was enough to motivate more information sharing about threats within the industry, with 81% of respondents saying they are more likely to share information with industry colleagues, including defensive techniques and best practices. The World Economic Forum and the U.S. Cyberspace Solarium Commission report both called for increased information sharing as a key part of reducing cyberattacks. The survey found that 67% of companies have started to share information with tech industry colleagues, and 50% started sharing more information with government leaders.
Companies in Singapore were most likely to share information with governments at 57%, followed by U.S. companies at 53% and U.K. firms at 43%. The barriers to this information sharing include:
- Concerns about data privacy and liability
- The lack of an automated or standard mechanism to share information with peers
- Shared information may not be timely or relevant by the time companies receive it
The attack also forced companies to rethink supply chain security with 42% of companies having already modified supply chain security, according to the survey.
As Lance Whitney reported for TechRepublic, a recent memo from the White House recommended that companies take these steps to reduce the risk of cybercrime, namely ransomware:
- Implement the key best practices from President Joe Biden’s executive order: These include multi-factor authentication, endpoint detection and response, data encryption to make stolen data unusable and a skilled security team who can rapidly patch vulnerabilities and share threat information.
- Back up your data: Keep those backups offline as many types of ransomware will look for accessible backups and regularly test them for reliability.
- Regularly update your systems: Promptly apply critical patches and consider a centralized patch management system supplemented by a risk-based assessment strategy.
- Implement and test an incident response plan: Answer a few core questions such as how long you can sustain business operations without access to certain systems.
- Check the work of your security team: Use a third-party penetration testing service to double-check internal security and the ability to ward off a sophisticated attack.
- Segment your networks: Put corporate business functions and manufacturing or production operations on separate network segments and limit internet access to operational networks and look for any links between the different segments.