Organizations Understand Cyber Threat, but Many Still Aren’t Prepared

According to an informal poll of ActualTech Media webinar attendees, organizations know that they have to up their cyber resilience game, but many still have a lot of work to do.

The two-question poll, taken in March, indicated that attendees recognize the emerging cyber threat landscape.

The two most popular responses to the question “What do you think is the primary driver for enhancing cyber resilience in your organization this year?” were 1) Ensuring business continuity and minimizing operational disruptions, and 2) The escalating sophistication of cyber threats.

This reflects the understanding that emerging technologies like multi-cloud environments, APIs and digital supply chains have drastically increased the attack surface. Defending all that is a challenge.

The related poll question asked how prepared organizations were to adapt cybersecurity frameworks to address these hurdles.

By far the most popular answer, at 61 percent, was, “We’re somewhat prepared but we need enhancements in certain areas.” The second-place answer, “We’re minimally prepared with significant improvements needed,” garnered 11 percent.

In contrast, fewer than 10 percent said they’re fully prepared for attacks, having implemented a “proactive and adaptive cybersecurity strategy.”

Taken together, these findings represent a significant challenge to — or opportunity for, depending on your point of view — improvement in protecting internal and external networks, operations, and data.

Given the current sophistication of cyber threats, and the reality that old tried-and-true attack methods like social engineering continue to successfully harm companies, alarm bells should be clanging loudly.

One of the first things an organization should look into is adopting a “zero trust” mindset, assuming that every user and device on a network is out to do it harm unless it proves otherwise. That provides a solid starting point.